gemechisd
Contributor

IPSec with NAT

We have a Check Point security gateway with R81.10 JHF 110 installed, and we have established a site-to-site IPSec VPN with one partner that has a FortiGate firewall. On the established IPSec tunnel we have 3 different encryption domains for different services. The third party wants our encryption domains to be NATed to an IP address they gave us. We have done the NAT of our local encryption domains for the 3 services with different NAT IPs. We can reach 2 services on the remote destination / encryption domain, but we can't reach 1 service on the remote ED. All three services are on the same IPSec VPN tunnel.

Why do 2 services with NATed IPs work while 1 service is not working for us?

0 Kudos
4 Replies
the_rock
Legend

K, so sounds like the config is fine. If one is failing, maybe do a basic VPN debug and also check the vpnd.elg files for that service. Out of curiosity, what service is it? Make sure it's not excluded in the excluded services tab on the community options as per below.

Andy

 

Screenshot_1.png

0 Kudos
gemechisd
Contributor

@the_rock Thank you for the reply.

One thing to keep in mind: the service worked / was reachable when we allowed server to server without NAT on the encryption domain. But with NAT it will not work.

Below you will find the excluded services screenshot from the community.

0 Kudos
the_rock
Legend

Might be worth a TAC case to double check.

Best,

Andy

0 Kudos
PhoneBoy
Admin

What are the precise details of the NAT you've configured on your end, working and non-working?
Possible this is an issue on the remote end.

0 Kudos
