This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gemechisd
Contributor
‎2024-01-10 09:29 AM

Site to Site IPSec VPN with NAT

Hi @All

 

We have a Site to Site IPSec VPN with our partner having FortiGate firewall. We have faced an issue with one of the outbound services. Our source IP is

Local ED: 10.100.3.70
Remote ED: 102.218.49.85
NAT IP: 196.188.175.136

They want our ED to be natted to the NAT IP. When I have done the "fw ctl zdebug + drop | grep 102.218.49.85" attached here with is the error. Can anyone look into it?

Appreciate your help.

fw ctl debug.PNG
Preview file
351 KB
0 Kudos
2 Replies
JoSec
Collaborator
‎2024-01-10 10:07 AM

Is this route based VPN or Domain based VPN? If domain based, did you add the NAT address to the VPN domain group and is your rule configured to utilize the correct VPN community?

0 Kudos
the_rock
Legend
Legend
‎2024-01-10 10:12 AM
In response to JoSec

Definitely seems like domain based, otherwise FGT enc domain would be 0.0.0.0/0

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top