This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jomof
Contributor
‎2021-03-30 11:03 AM

How to nat a public ip address to local ip address when acesss to my office via remote access vpn.

Hello Expert,

 

I am trying to obtain a private ip address  as my source address when I establish a remote access vpn from home to my office.

example my isp provides a public during remote session, how could can I nat this ip address to a local ip address on my network.

The reason for this request is some applications requires a local ip address to allow connections.

 

Regards

 

 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2021-03-30 07:34 PM

Unless the gateway doesn't have a Mobile Access or Remote Access license, you should be able to leverage Office Mode.
Specifically, when Remote Access clients connect, they are assigned an IP address an virtual interface on the client.
This IP (presumably on the local network) is used to originate all connections over the VPN.
NAT is not required.
However, Office Mode requires specific configuration.
If you can tell me what gateway/software version, I can provide a pointer to the relevant documentation for this.

If you don't have the appropriate license on the gateway OR the client was installed as SecuRemote, then you will see the behavior you're describing.
If you configure Office Mode and have the relevant license AND the client is installed as at least Check Point Mobile, you won't need NAT.
If you don't have the appropriate license, then you can configure IP Pool NAT.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

jomof
Contributor
‎2021-03-31 06:33 AM
In response to PhoneBoy

Hello

Thanks for the prompt response 

If you can tell me what gateway/software version, I can provide a pointer to the relevant documentation for this.

The software version is gaia R77.30  also the client is using client was installed as SecuRemote.

 

Regards

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-31 06:50 AM
In response to jomof

SecuRemote is the client version without license and without OfficeMode, see Remote Access Clients E84.30 Release Notes. Only if the public IP used for the client is always the same you could configure it using NAT in rulebase.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
jomof
Contributor
‎2021-03-31 07:31 AM
In response to G_W_Albrecht

Hello Albrecht,

The public IP used for the client for the client is always changing hence will be impossible to configure Nat in rulebase.

I notice you mention SeccRemote is client version without license and office mode is there an client version that can be 

use that supports office mode?

 

Regards

G_W_Albrecht
Legend Legend
Legend
‎2021-03-31 08:10 AM
In response to jomof

Fact is that all other client flavours do support office mode 😎 Find all of them in sk67820: Check Point Remote Access Solutions

Or, as @PhoneBoy wrote, Enable IP Pool NAT

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
jomof
Contributor
‎2021-03-31 08:19 AM
In response to G_W_Albrecht

Hello 

Wow this is new to us we taught SecuRemote was the app with all the functionally but we were wrong.

We have around 5 person with remote access could you recommend on of the product using your expertise.

Regards

 

PhoneBoy
Admin
Admin
‎2021-03-31 05:54 PM
In response to jomof

When you install the VPN client you are given three choices:

  • Endpoint Security VPN (requires an Access license or one of the SandBlast Agent ones)
  • Check Point Mobile (requires either a Mobile Access license or licenses per above)
  • SecuRemote (requires no license, but has significant restrictions)

I recently wrote up something on how to configure your gateway to support SecuRemote.
It also covers how to configure IP Pool NAT.

However, if you're talking only five users, depending on your license, you may already be covered.
Most modern licenses include Mobile Access for five concurrent users.
In which case, you can use Check Point Mobile and configure Office Mode. 

R77.30 is VERY much End of Support at this point and I highly recommend upgrading to R80.40.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events