Malik1
Contributor

Manual NAT For Site-to-site VPN

Hi Experts,

 

I have an existing IPSEC tunnel with one of my clients that's working fine. Now I have a requirement and need to translate my source subnet.

I will add the subnet used for translation in the VPN domain at both ends and add a NAT rule.

Firewall rules will remain the same as the policy is checked before NAT.

 

My question is: do we create a bi-directional NAT rule, as shown in the figure below, or just the NAT rule 1 mentioned in the figure?

 

Is an automatic reverse NAT rule created?

 

Capture.PNG

 

 

Regards,

SM


Accepted Solutions
RS_Daniel
Advisor

Hello,

For traffic initiated from your local network to the remote one, only rule 1 is needed; the firewall knows that the reply packets need to be translated to the original source.

Your second rule is enabling traffic initiated from the remote network to your local network to be translated to the real host.

So it depends on whether traffic will be initiated from both sites or only from local to remote. In the first case both rules are needed; in the second case only the first rule.

Regards

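The behaviour described in the accepted answer comes from connection tracking: a stateful gateway records the translation it applied to the first packet of a connection and reverses it for the replies, so a single source-NAT rule covers local-to-remote traffic in both directions, while a remote-initiated connection to the translated address has no state to match and needs its own rule. The following simulation is an added example written for this thread, not Check Point code or anything from the original post; the networks (10.1.1.0/24 as the real local subnet, 172.16.100.0/24 as the translated subnet, 192.168.50.0/24 as the remote site), the host addresses and the ports are all constructed for illustration.

```python
"""Stateful NAT simulation: one source-NAT rule handles outbound connections
and their replies; remote-initiated connections need a second (reverse) rule.
All addresses, networks and ports below are constructed for this example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

Tuple4 = Tuple[str, str, int, int]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

    def key(self) -> Tuple4:
        return (self.src, self.dst, self.sport, self.dport)


@dataclass(frozen=True)
class NatRule:
    """Matches on original source/destination networks; None = no translation."""
    orig_src: str
    orig_dst: str
    xlate_src: Optional[str] = None
    xlate_dst: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.orig_src)
                and ip_address(pkt.dst) in ip_network(self.orig_dst))


def _map_static(addr: str, from_net: str, to_net: str) -> str:
    """Static one-to-one subnet NAT: keep the host offset, swap the prefix."""
    src_net, dst_net = ip_network(from_net), ip_network(to_net)
    offset = int(ip_address(addr)) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


class StatefulNat:
    def __init__(self, rules: List[NatRule]):
        self.rules = rules
        # reply 4-tuple as it will arrive from the peer -> original packet
        self.conns: Dict[Tuple4, Packet] = {}

    def process(self, pkt: Packet) -> Packet:
        # 1. Reply to a tracked connection: undo the recorded translation.
        #    No rule lookup is needed, which is why rule 1 alone covers replies.
        orig = self.conns.get(pkt.key())
        if orig is not None:
            return Packet(src=orig.dst, dst=orig.src, sport=orig.dport, dport=orig.sport)
        # 2. New connection: first matching rule wins, as in an ordered rulebase.
        for rule in self.rules:
            if rule.matches(pkt):
                new_src = (_map_static(pkt.src, rule.orig_src, rule.xlate_src)
                           if rule.xlate_src else pkt.src)
                new_dst = (_map_static(pkt.dst, rule.orig_dst, rule.xlate_dst)
                           if rule.xlate_dst else pkt.dst)
                xlated = Packet(new_src, new_dst, pkt.sport, pkt.dport)
                # Remember the tuple the reply will carry so it can be reversed.
                self.conns[(xlated.dst, xlated.src, xlated.dport, xlated.sport)] = pkt
                return xlated
        # 3. No state and no rule: the packet is forwarded untranslated.
        return pkt


# Constructed networks standing in for the thread's "source subnet",
# the subnet used for translation, and the client's remote site.
LOCAL_NET = "10.1.1.0/24"
NAT_NET = "172.16.100.0/24"
REMOTE_NET = "192.168.50.0/24"

# Rule 1: hide the real local subnet behind the translated subnet (local -> remote).
RULE1 = NatRule(orig_src=LOCAL_NET, orig_dst=REMOTE_NET, xlate_src=NAT_NET)
# Rule 2: let the remote site reach the translated addresses (remote -> local).
RULE2 = NatRule(orig_src=REMOTE_NET, orig_dst=NAT_NET, xlate_dst=LOCAL_NET)


def run_scenario(rules: List[NatRule]) -> Dict[str, Packet]:
    """Run three flows through the gateway and return what leaves it."""
    nat = StatefulNat(rules)
    outbound = nat.process(Packet("10.1.1.5", "192.168.50.10", 40000, 443))
    reply = nat.process(Packet("192.168.50.10", outbound.src, 443, outbound.sport))
    remote_initiated = nat.process(Packet("192.168.50.20", "172.16.100.5", 50000, 22))
    remote_reply = nat.process(Packet(remote_initiated.dst, "192.168.50.20", 22, 50000))
    return {"outbound": outbound, "reply": reply,
            "remote_initiated": remote_initiated, "remote_reply": remote_reply}


if __name__ == "__main__":
    for label, rules in (("rule 1 only", [RULE1]), ("rules 1 and 2", [RULE1, RULE2])):
        print(label)
        for name, pkt in run_scenario(rules).items():
            print(f"  {name:17s} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

With rule 1 alone the outbound packet leaves as 172.16.100.5 and the reply comes back to the real host 10.1.1.5 via the connection table, but a remote-initiated packet to 172.16.100.5 matches neither state nor rule and is forwarded to an address no host owns. Adding rule 2 maps that destination to 10.1.1.5 and its reply is reversed from state in the same way.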
2 Replies
the_rock
Legend

Looks okay to me. Make sure NAT is NOT disabled in VPN community.
