This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christian_Dave_
Participant
‎2018-11-28 08:06 AM

NAT is not working via VPN

I have a site to site VPN connection. The source address is not translating going to the destination. There's no tunnel established. I have a TAC already working but also can't resolve the issue. We have done multiple debugs but can't find relevant information. Also from the "fw monitor" we can see the traffic but i's not translating. What else we need to check? Appreciate your help guys.

8 Replies
Christian_Dave_
Participant
‎2018-11-28 08:10 AM

The VPN community is properly configured as per the client peer requirement. We have properly configured as well the vpn domain in the toplogy of both gateways.

The Rule  is (Source: Original Srouce IP; Destination: Destination IP; Port: https, http)

For the Nat rule: The source shold translate to another Public IP going to the original destination.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-11-28 07:00 PM

Most obvious thing that comes to mind is the NAT setting in the community:

0 Kudos
Christian_Dave_
Participant
‎2018-11-29 05:03 AM
In response to PhoneBoy

Hi Dameon,

Appreciated your response. I have checked that before already. Actually I have a TAC engaged already but still without success. We have tried to do a packet capture and still the source private ip is not translating to a public ip going to the destination. When we removed the vpn community on the rule, the source ip is translating.

What other things we need to check? Any idea?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-11-29 06:02 AM
In response to Christian_Dave_

Can you send me the TAC SR in question (perhaps in a PM)?

0 Kudos
Christian_Dave_
Participant
‎2018-12-04 10:47 AM
In response to PhoneBoy

Hi Dameon,

Appreciated your help. We reconfigure the vpn community and encryption domain. Now we are able to see the tunnel and able to see encrypted packets on the log.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-12-04 12:18 PM
In response to Christian_Dave_

Glad you got it sorted out.

0 Kudos
Christian_Dave_
Participant
‎2018-12-07 06:47 AM
In response to PhoneBoy

Thank You Dameon.. We figured out that the destination IP was included on our encrytion domain. That's why the source IP is not translating..

0 Kudos
wsusetio
Explorer
‎2022-03-08 11:18 PM
In response to PhoneBoy

Hi, I have same issue. Tried to access the system that is on VPN but the source is not part of encryption domain. I nated the source to IP that is part of encryption domain. But it  is not translating. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top