NAT isue with site to site VPN configuration

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hi Everyone with encryption domain

I am facing issue with Site to Site VPN encryption domain

I have create site site to tunnel between checkpoint and Azure VPN gateway.

My firewall is deployed in Azure and my Vnet IP Pool is 10.10.0.0/16, we added entire subnet in encrytion domain. and setelite encrytion domain is 10.250.6.0/24

our tunnel is up and we are able to access peer and subnet form my etire Vnet subnet.

But we have issue when any user coming from AO VPN subnet which are using diffrent subnet (10.130.0.0/16) and we can not add that subnet in encrytion domain becuase if we add in this LAnding Zone traffic will not communicate with another vnet.

we did hide NAT with one firewall external interface IP Pool, so AO VPN traffic will hide with that perticular IP.

Below the NAT statement

source :- 10.139.0.0/16

DST :- 10.250.6.0/24

Translate Src :- 10.10.10.10

so if src is 10.139.0.0/16 going to 10.250.6.0/24 should be translated to 10.10.10.10

10.10.10.10 is part of encryption domain and should work,

but after applying policy, i can see only Syn packet on firewall, my communication is not working.

I am suspecting issue with NAT.

Thank you in advance for your suport

Regards

Abhishek