This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JoSec
Collaborator
‎2022-04-19 06:56 AM

VPN Behind Router Using NAT

I have a situation where it would be easier if I can establish a Site to Site VPN from Checkpoint gateways (R80.40) behind an on-premise router doing NAT to two Availability Zones in AWS using a Palo Alto active passive cluster in each AZ functioning as active passive environments using BGP. My questions listed below.

1. Can I establish a site to site VPN behind the Router doing NAT? Is just as easy as changing the Link Selection to Statically Nated IP and using the public IP the router would use for NAT? If this is correct, any other configuration options.

2. If yes to above, any issue with doing this with Palo Alto gateways as the peer?

Thanks

6 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-04-19 08:01 AM

1. Possible to be established using NAT-T (UDP 4500) from CP GW to peer or peer to CP (sk32664).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
JoSec
Collaborator
‎2022-04-19 08:08 AM
In response to G_W_Albrecht

Therefore, following sk32664 would require no configuration change to the Link selection?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-04-19 09:46 AM
In response to JoSec

You can try or ask TAC - i would assume no. This only concerns IKE proposals, so not so much difference to usual IKE.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2022-04-19 09:57 AM
In response to JoSec

I had done this before and you dont need to do anything with link selection.

Andy

JoSec
Collaborator
‎2022-04-20 07:52 AM
In response to the_rock

Thanks for the responses. I'll be setting this up in the next few weeks and will update this thread.

the_rock
Legend
Legend
‎2022-04-20 08:16 AM
In response to JoSec

Definitely let us know the results mate.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events