Abhishek_Kumar1
Collaborator

NAT issue with site-to-site VPN configuration


Hi everyone,

I am facing an issue with the site-to-site VPN encryption domain.

I have created a site-to-site tunnel between Check Point and the Azure VPN gateway.

My firewall is deployed in Azure and my VNet IP pool is 10.10.0.0/16; we added the entire subnet to the encryption domain, and the satellite encryption domain is 10.250.6.0/24.

Our tunnel is up and we are able to access the peer and its subnet from my entire VNet subnet.

But we have an issue when any user comes from the AO VPN subnet, which uses a different subnet (10.130.0.0/16), and we cannot add that subnet to the encryption domain, because if we add it in this Landing Zone, traffic will not communicate with another VNet.

We did a hide NAT with one firewall external interface IP pool, so AO VPN traffic will be hidden behind that particular IP.

Below is the NAT statement:

Source: 10.139.0.0/16

Destination: 10.250.6.0/24

Translated source: 10.10.10.10

So if the source is 10.139.0.0/16 going to 10.250.6.0/24, it should be translated to 10.10.10.10.

10.10.10.10 is part of the encryption domain and should work,

but after applying the policy, I can see only the SYN packet on the firewall; my communication is not working.

I suspect an issue with NAT.

Thank you in advance for your support.

Regards

Abhishek
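A small model of the NAT-then-encryption-domain check described in the post, added here as example code (it is not from the post and not a Check Point tool): it applies the hide NAT rule above to a flow and reports whether the translated source and the destination both land inside the two encryption domains. The networks and addresses are the post's own; the `HideNatRule` and `diagnose` names are hypothetical, and treating hide NAT as applied before the encryption-domain match is an assumption of this model, not something the post states.

```python
"""Model: hide NAT applied to a flow, then encryption-domain membership check.

Added example, not from the original post. Assumes NAT happens before the
VPN domain match; values are the ones given in the post.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class HideNatRule:  # hypothetical helper type
    src: IPv4Network
    dst: IPv4Network
    translated_src: IPv4Address

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.src and dst in self.dst


def apply_nat(rules, src: IPv4Address, dst: IPv4Address) -> IPv4Address:
    """Return the source after the first matching hide NAT rule, else unchanged."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.translated_src
    return src


def in_domain(addr: IPv4Address, domain) -> bool:
    return any(addr in net for net in domain)


def diagnose(flow_src: str, flow_dst: str, rules, local_domain, remote_domain) -> dict:
    """Report post-NAT source and whether the flow is eligible for the tunnel."""
    src, dst = ip_address(flow_src), ip_address(flow_dst)
    nat_src = apply_nat(rules, src, dst)
    src_ok = in_domain(nat_src, local_domain)
    dst_ok = in_domain(dst, remote_domain)
    return {"natted": nat_src != src, "post_nat_src": str(nat_src),
            "src_in_local_domain": src_ok, "dst_in_remote_domain": dst_ok,
            "vpn_eligible": src_ok and dst_ok}


# Values taken from the post.
LOCAL_DOMAIN = [ip_network("10.10.0.0/16")]
REMOTE_DOMAIN = [ip_network("10.250.6.0/24")]
RULES = [HideNatRule(ip_network("10.139.0.0/16"), ip_network("10.250.6.0/24"),
                     ip_address("10.10.10.10"))]

if __name__ == "__main__":
    # The post names both 10.130.0.0/16 and 10.139.0.0/16 as the AO VPN range;
    # a constructed host from each shows which one the NAT rule actually covers.
    for host in ("10.139.1.20", "10.130.1.20"):
        print(host, diagnose(host, "10.250.6.5", RULES, LOCAL_DOMAIN, REMOTE_DOMAIN))
```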


0 Kudos
2 Replies