This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shinchan
Explorer
‎2023-04-04 07:29 AM

How to set site to site VPN when the internal ip network address is same on both side

Peers can you tell me How to set Site to Site VPN in the below Scenario

I did setup normal site to site VPN but when I am pinging Gen2 Console from Site-1 Console, I am getting, "Reply from 192.168.1.31, Destination host unreachable."

I also applied the static route between 181.43.23.32 and 181.43.23.41

as Set static-route default nexthop gateway address 181.43.23.41 on

& Set static-route default nexthop gateway address 181.43.23.32 on , respective server and firewall, site 1 and gen2

 

Screenshot (297).png

Preview file
217 KB
0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2023-04-05 07:28 AM

When the same IPs exist on both sides of the VPN, the only way to resolve the issue is with static NAT.
This implies:

  • Local encryption domain uses your IPs
  • Remote encryption domain uses NAT IPs (must be different from local IPs)
  • Remote End has relevant NAT rules

Depending on who needs to initiate VPN traffic, this may need to be done on both ends.

0 Kudos
Raj9
Explorer
‎2023-09-12 03:19 AM
In response to PhoneBoy

Hello,

Can you explain more about this. How to create static NAT

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-09-13 01:49 AM
In response to Raj9

R81.10 Quantum Security Management Administration Guide - Configuring the NAT Policy

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Doremon
Explorer
‎2023-04-21 01:41 AM

Dear Shinchan 

Did you sort the above case if you sort please share the solution i am eargly waiting to your message 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-04-21 01:48 AM
In response to Doremon

Solution is one of the following:

- as @PhoneBoy suggested, use static NAT (easy for one tunnel, but will be more and more complicated with higher number of VPNs)

- best solution: use different non-routable networks on each site, no need to use 192.168.1.x everywhere...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events