This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Yaroslav_Basenk
Participant
‎2019-07-25 05:58 AM
Jump to solution

pptp VPN to Proxy ARP IP from outside.

Hi All,

I tryed to pass pptp vpn through the CP (80.20) from outside use Proxy ARP IP-address. I mean chain Internet --> ProxyARP+HA Cluster--> Internal PPTP server. In logs I see accepted GRE traffic but connection from Internal PPTP server --> External client NATed by cluster external IP and not by IP which I need. And of course pptp connection do not establish in this case. Can CP use Proxy ARP ip addresses for GRE passthrough?
P/S Then I try use cluster IP for publictation this pptp server all works correctly.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2019-07-26 10:33 AM
In response to Yaroslav_Basenk
Jump to solution

The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2019-07-25 07:11 PM
Jump to solution

What NAT rules do you have configured here?
Also it seems weird you are seeing traffic originating from the cluster IP.
Might be worth a TAC case.
0 Kudos
Yaroslav_Basenk
Participant
‎2019-07-25 11:54 PM
In response to PhoneBoy
Jump to solution

I see NATed gre in the  Smart console (screenshot attached).

As I understand it, I have to have a NAT rule for GRE, but I cannot create NAT exactly for the GRE protocol (very funny). So all I found is to create a NAT rule with ANY in the source service column and Original in the Translated services column. This is not very convenient if I have several rules for this address.Maybe is there a way to create a NAT rule for the GRE and not for ANY?

Preview file
90 KB
0 Kudos
Yaroslav_Basenk
Participant
‎2019-07-25 11:59 PM
In response to Yaroslav_Basenk
Jump to solution

Created  NAT rule

Preview file
24 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2019-07-26 10:33 AM
In response to Yaroslav_Basenk
Jump to solution

The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events