sx8n20394
Explorer

Encryption Domains that are External IPs

Appliance : Locally Managed QS 1535

Firmware r81.10.10

I need to set up an S2S VPN with a customer. They have a requirement that all encryption domains are WAN IP addresses. I have a range of 5 addresses but only 1 is used, which is the WAN interface of my firewall. Do I just tell them my peer and encryption domains are x.x.x.x/32 (same IP)? Also, can I safely assume I should uncheck disable NAT in the site tunnel settings?

0 Kudos
3 Replies
PhoneBoy
Admin

Sounds like the right answer on both counts.
Note that your local Encryption Domain should include the hosts that you want to communicate through the VPN.

0 Kudos
the_rock
Legend

If NAT is needed, then don't check disable NAT inside the VPN community object.

Andy

0 Kudos
the_rock
Legend

Also, don't check the option to exclude the external IP from the VPN domain; it's on the VPN domain tab under topology or network (can't remember now exactly) when you edit the gw object in SmartConsole.

Andy

0 Kudos
