Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
BrunoMarques21
Contributor

Site to Site VPN Connection with NAT

Hello everybody!
Sorry if I posted in the wrong place, if I did, can you move my topic to the correct place?
I have a 3600 checkpoint with R81.10 take 335 standalone deployment.
I'm closing a Site to Site VPN with a company.
All networks that I have local were already being used on the company network that I want to close VPN.
So it was necessary to do a NAT, but I never did a NAT this way.
I tried to read the documentation but I couldn't find where I'm wrong.

The topology is as follows.

My business:
192.168.25.32/29

Company X:
Host IP: 10.1.3.115
Host IP: 10.1.3.116
Host IP: 172.22.99.99

I created the NAT rule

Original source: 192.168.100.48 a specific host to test the connection.
Original destination: 10.1.3.115
Original services: any
Translated Source: 192.168.25.33
Translated Destionation: Original
Translated Services: Original

I created the network rule.

Source: 10.1.3.115, 10.1.3.116, 172.22.99.99, 192.168.100.48 and 192.168.25.33
Destination: 10.1.3.115, 10.1.3.116, 172.22.99.99, 192.168.100.48 and 192.168.25.33
VPN:Community_to_company_x
Services & applications: any
Action: Accept
Track: Log

The client informs that the traffic arrives at his firewall, but it arrives with my company's public IP, the right thing would be to arrive with the NAT IP 192.168.25.33, so the firewall drops the packets

Sorry for my english, I'm using google translator

Message in log: Connection terminated before the Security Gateway was able to make a decision: Insufficient data passed.
To learn more see sk113479.

 

If you can answer this conversation with a print of how to configure it, I would greatly appreciate it

image.png

0 Kudos
4 Replies
This widget could not be displayed.