Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
love-cw
Explorer

NAT Space Routed to Interface

Jump to solution

I worked at a large Check Point Customer where we would set up a NAT Subnet by routing the subnet from the router to the firewall's vip.  I would like to use this technique as we are running out of addresses on the interface in question.  What else do I need to do to make this work?  

 

Cheers

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion

All you need to do is make sure the subnet is routed to the gateway, then you have the complete subnet at your proposal including network and broadcast address. On the Check Point just use the addresses, nothing else is needed, no proxy arp or anything else.

Regards, Maarten

View solution in original post

0 Kudos
2 Replies
Maarten_Sjouw
Champion
Champion

All you need to do is make sure the subnet is routed to the gateway, then you have the complete subnet at your proposal including network and broadcast address. On the Check Point just use the addresses, nothing else is needed, no proxy arp or anything else.

Regards, Maarten

View solution in original post

0 Kudos
Chris_Atkinson
Employee
Employee

There are several reasons that I prefer this approach, least of which is removing the dependency on proxy-arp.

I find it more flexible in terms of routing and your ISP link addressing etc.

0 Kudos