This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chonyi
Participant
‎2019-07-19 09:34 AM
Jump to solution

Site-To-Site VPN with NAT on localy managed SMB device

Hello,

Im having issue with hide nat on localy managed 1200R. I need traffic to have hide NATed source and than enter the tunnel. What happens is that traffic is being NATed but then it just exits wan port without entering the tunnel.

Any ideas how to get this sorted? 

 

Thank you.

0 Kudos
1 Solution

Accepted Solutions
Chonyi
Participant
‎2019-07-22 05:15 AM
In response to PhoneBoy
Jump to solution

I finnaly got this working.

There are few requirements that need to be fulfilled in order for source NAT to function inside a tunnel.

Both original and NAT source need to be part of local encryption domain.

Policy rule allowing original source network to communicate with remote destination network should be defined in outgoing and incoming rules.

In VPN settings>Advanced tab disable NAT for this site shouldn't be checked.

NAT rules should be defined appropriately.

 

Cheers!

 

 

 

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2019-07-19 02:27 PM
Jump to solution

Did you uncheck Disable NAT for this site?

Screen Shot 2019-07-19 at 2.24.28 PM.png

Chonyi
Participant
‎2019-07-22 01:10 AM
In response to PhoneBoy
Jump to solution

I have tried both ways, everytime I see NATed packets on WAN port without encryption.
0 Kudos
Chonyi
Participant
‎2019-07-22 05:15 AM
In response to PhoneBoy
Jump to solution

I finnaly got this working.

There are few requirements that need to be fulfilled in order for source NAT to function inside a tunnel.

Both original and NAT source need to be part of local encryption domain.

Policy rule allowing original source network to communicate with remote destination network should be defined in outgoing and incoming rules.

In VPN settings>Advanced tab disable NAT for this site shouldn't be checked.

NAT rules should be defined appropriately.

 

Cheers!

 

 

 

0 Kudos
Pedro_Espindola
Advisor
‎2019-07-22 09:30 AM
Jump to solution

Did you add the translated range (after NAT) to your local encryption domain?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events