
Definition of remote Gateway behind NAT

Hi,

Do you know how to centrally manage the CP1430 behind a NAT router? I have NATed all the required ports from the router's public IP to the firewall. We have some issues establishing the VPN (invalid ID Identifier).

How should I configure the gateway on the SMS?

172.16.0.1/24 -> CheckpointGateway -> 192.168.1.1/24 -> Router ->PublicIP ---> CheckPointGateway ---> SMS

I hope this is clear. I can establish SIC and push policy correctly. I also receive the logs on the SMS.

Luigi

6 Replies
Admin

Re: Definition of remote Gateway behind NAT

The gateway object IP on the SMS would be the public IP.

You said you configured NAT for the required ports--which ones specifically?

Also, when you try to either push policy, fetch policy, etc., what specific behavior do you see?

Error messages? Screenshots? Other information?

0 Kudos

Re: Definition of remote Gateway behind NAT

If you have SIC and policy installs, you probably got it right.

VPN might require some further configuration to work.

NAT might be causing divergence between the IP address the CP1400 knows and what the peer knows. Check sk101469.

sk36425 explains a similar issue, but caused by ISP redundancy.

Re: Definition of remote Gateway behind NAT

My environment is like the one in sk101469, but the 1430 is centrally managed...

0 Kudos

Re: Definition of remote Gateway behind NAT

I assume you want a VPN to a 3rd party VPN as explained here: sk108600: VPN Site-to-Site with 3rd party. Maybe you should set the ID Type not to IP address but to something else...

0 Kudos

Re: Definition of remote Gateway behind NAT

Nope, both sides are Check Point gateways, centrally managed.

0 Kudos

Re: Definition of remote Gateway behind NAT

Please read sk108600. Maybe you should set the ID Type not to IP address but to something else, as I think it sends a wrong IP address... But you can analyze that using VPN debug!