Bernardes
Advisor

VPN Site-to-Site with NAT

Hello Mates!

Could you please help me with a question?

 

I need to configure a Site-to-Site VPN, but for the remote peer (my partner site), a single IP address must arrive and not my entire subnet or subnet group.

For example: I have a 172.16.1.0/24 subnet, but my partner requires that this subnet arrives through the 192.168.1.10 IP.

Do I have to put this single IP in the VPN domain community on my side? How can I configure that on the Check Point solution? And how can I confirm that it is working fine?

Thank you!

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin

Your encryption domain must include the “traffic to encrypt” which would be your local subnet.
You configure a manual NAT rule to translate your subnet when communicating to their encryption domain to the relevant IP (hide or source NAT depending on requirement).


the_rock
Legend

Also, to add to what @PhoneBoy said, make sure the option for NAT inside the VPN community (I believe last tab on the left at the bottom) is not checked, where it says "Disable NAT inside VPN community", and then simply create a manual NAT rule to reflect the changes you want.

Andy


6 Replies
PhoneBoy
Admin

That's an important option that I forget exists...and yet can still recall setting up VPNs in Traditional Mode 🙂

0 Kudos
the_rock
Legend

No matter what, you are ALWAYS going to be a CP guru 🙌

0 Kudos
Bernardes
Advisor

@the_rock @PhoneBoy thank you so much for your help. I can successfully configure the VPN site-to-site with NAT so that the remote site receives just one IP, no matter which device was connected on my side.

the_rock
Legend

Glad it helped you.

Andy

0 Kudos
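
The behaviour described in the two accepted answers, as an added example that is not part of the original thread and is not Check Point code: a simplified Python model of the encryption-domain match, the manual hide NAT rule, and the effect of "Disable NAT inside VPN community". The partner domain 10.50.0.0/24, the sample packets and the function names are constructed for illustration.

```python
import ipaddress

# Values from the thread
LOCAL_SUBNET = ipaddress.ip_network("172.16.1.0/24")  # local encryption domain
HIDE_IP = ipaddress.ip_address("192.168.1.10")        # address the partner expects
# Constructed placeholder: the partner's encryption domain is not given in the thread
PARTNER_DOMAIN = ipaddress.ip_network("10.50.0.0/24")


def process(src, dst, disable_nat_in_community=False):
    """Return (encrypted, source_seen_by_receiver) for one outbound packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # "Traffic to encrypt": original source in our domain, destination in theirs
    encrypted = src in LOCAL_SUBNET and dst in PARTNER_DOMAIN
    if not encrypted:
        return False, src   # not VPN traffic, the manual rule does not match
    if disable_nat_in_community:
        return True, src    # NAT skipped inside the community: real IP is exposed
    return True, HIDE_IP    # manual hide NAT rule: whole subnet -> single IP


def leaked_sources(packets, disable_nat_in_community=False):
    """Real internal addresses the partner would see inside the tunnel."""
    leaks = set()
    for src, dst in packets:
        encrypted, seen = process(src, dst, disable_nat_in_community)
        if encrypted and seen != HIDE_IP:
            leaks.add(str(seen))
    return sorted(leaks)


# Constructed sample traffic
PACKETS = [
    ("172.16.1.20", "10.50.0.5"),
    ("172.16.1.77", "10.50.0.9"),
    ("172.16.1.20", "203.0.113.8"),  # not to the partner: stays outside the tunnel
]

if __name__ == "__main__":
    print("NAT allowed in community: ", leaked_sources(PACKETS))
    print("NAT disabled in community:", leaked_sources(PACKETS, True))
```

An empty list in the first case means the partner only ever sees 192.168.1.10; any entry in the second case is an internal address that the partner's side would receive instead of the agreed IP.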