ianhunter
Explorer

Question regarding NAT behavior with VPN

Hello,

I have a question regarding NAT behavior in relation to IPSEC tunnels. Consider this scenario: 

FW1 -> FW2 (through IPSEC VPN)

Policy on FW1 ---

Source: HostObj1 (host object with private IP, NAT to public IP - automatic NAT rule created)

Destination: HostObj2, HostObj3, ...

VPN: MyCommunity1

Action: Accept

---

My question: will source NAT apply to this traffic since a VPN is involved? If not, is there any setting that controls this or documentation that supports it?

Thanks in advance. 

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend

Just make sure the NAT setting is NOT disabled inside the VPN community object.

Andy


5 Replies
PhoneBoy
Admin

Yes, source NAT will apply.

ianhunter
Explorer

Thanks! So if I understand correctly, source NAT will apply unless this is set?

image.png

0 Kudos
the_rock
Legend

That's right!

Andy

0 Kudos
the_rock
Legend

VPN Communities - Advanced (checkpoint.com)

Disable NAT Inside the VPN Community

Even if NAT is configured it is possible to disable NAT inside the VPN community. If NAT is disabled, when a host behind a community member opens a connection with another host behind a community member, the original IP addresses are used. Other connections use the translated address.

0 Kudos
