This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
luk89as
Participant
‎2022-03-10 11:20 PM

VPN S2S CP 700 Series WAN Behind NAT

Hello,

I have two Chececkpoint 750 and 730 gates.

Checkpoint 750 has an assigned public IP address on the WAN port.

Checkpint 730 is assigned a local IP address on the WAN port.

The address on the Checkpoint 730's WAN port is NAT 1: 1 from a public IP address.

This configuration results from the change of the link provider.

In the old configuration where both Checkpoints had public addresses on WAN ports, the S2S VPN connection worked without any problems.

After changing link provider and NAT public address to local WAN 1: 1 address, Checkpoint 730 presents itself to local WAN address. For this reason, the S2S VPN does not work.

In the S2S Checkpoint 750 VPN configuration, I configured the remote site behind NAT and provided the local address it was behind.

Still, it doesn't work.

Am I making a configuration error or is the supplier blocking something? Normal Gate <--> client connection works fine.

0 Kudos
8 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-03-11 12:11 AM

Can we move this post to Spark/SMB, @_Val_  ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
luk89as
Participant
‎2022-03-11 12:49 AM
In response to G_W_Albrecht

OK. Please move this post to Spark/SMB

0 Kudos
_Val_
Admin
Admin
‎2022-03-11 12:57 AM
In response to G_W_Albrecht

@G_W_Albrecht done. Also, you now are able to move the posts yourself 🙂 Please use this with caution.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-03-11 01:12 AM
In response to _Val_

I promise that i will 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
luk89as
Participant
‎2022-03-15 05:14 AM
In response to G_W_Albrecht

Hello,

Is it possible to configure what ip address Checkpoint 730 should present itself when connecting VPN S2S? It's about the WAN address.

Currently, the WAN port of Checkpoint 730 has a local 1: 1 nat address from a public IP.

All ports and services are not blocked by the provider. The problem is only the local IP address on the WAN nat 1: 1 port from the public address.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-03-15 05:29 AM
In response to luk89as

Can be configured in Advanced Settings:

AdvancedVPN.png

If that is not what you try to achieve, look at the other VPN S2S settings

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
luk89as
Participant
‎2022-10-19 11:24 PM
In response to G_W_Albrecht

I started S2S VPN connection.

In the S2S VPN settings I checked the option: "Disable NAT for this site"

I applied the setting to both Checkpoint devices.

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2022-10-23 11:13 PM

Does the new ISP link use CG-NAT where public IP is shared with other subscribers?
If so, using aggressive mode from CP730 to CP750 might be a choice. (CP730 as initiator, CP750 as responder)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events