Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Teddy_Brewski
Contributor

Public IP of VPN gateway in the encryption domain

Jump to solution

Hello,

Remote site: Cisco ASA with a public IP. The requirement is to use this public IP in the encryption domain (they do NAT on their end).

Our site: Check Point R80.40. 

Traffic flow: from remote site.

When I create an interoperable object, can I use the IP address of the object in the encryption domain?  Since I cannot chose interoperable object from VPN Domain > User defined shall I create a host with the same IP and use host object instead?  Or specifying the external interface with IP assigned for the interoperable object and then choosing All IP Addresses behind Gateway is preferred? Or it's the same?

Thank you.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

I believe the gateway IP is implicitly included in the encryption domain.
It shouldn’t be necessary to include it.

View solution in original post

2 Replies
PhoneBoy
Admin
Admin

I believe the gateway IP is implicitly included in the encryption domain.
It shouldn’t be necessary to include it.

the_rock
Champion
Champion

Phoneboy is right, its automatically included, for sure.