Create a Post
Showing results for 
Search instead for 
Did you mean: 

VPN Site to Site statically Nated IP address


I am trying to set a S2S tunnel between two Checkpoints managed by the same SMS (r80.10), but one of them is using a private IP as WAN to connect with the ISP. Then the ISP is routing the public IP to our private IP in the Checkpoint. I am using the Link Selection type of "Statically NATed IP" and I have set there the public IP I would like to use to form the packet. The problem I am seeing is that the tunnel does not get up and I cannot see traffic with tcpdump related to ipesec tunnel. Any idea about what could be happen? I could make a small diagram if you need it. Thank you very much.

0 Kudos
3 Replies

That could mean the traffic isn't getting to the gateway at all.
Which makes this an upstream issue.
Can you confirm IPSEC traffic is leaving the remote gateway?
0 Kudos

I am having the same issue. The VPN works when I have the Main IP activated. But when I then change it to Statically NATed IP the VPN drops and doesn't work.

Nothing shows up in the logs besides in the VPN debug then "Peer Name: Unknown"


0 Kudos

From sk32664:

Before R80.10, Check Point "Maintrain" Security Gateways did not support initiating IKE propositions over NAT-T.

A Security Gateway will accept and support proposals for industry UDP encapsulation behind port 4500, but will never initiate a proposal, unlike 600, 1100, 1200R and VPN-1 Edge Appliances that do support initiating IKE propositions over NAT-T.


0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events