Moudar
Advisor

VPN Tunnel Setup with NAT

Hi,

We need to establish a VPN tunnel with another company to allow our employees to access a server located on their network.

Since our network consists of multiple subnets, we’ve decided to use NAT to simplify the setup.

Our approach is to create a host object with an IP (e.g., 10.10.1.1) and use it as the Translated Source in the NAT rule.

The VPN domain will only include this IP.

 

NAT rule:

Original source: our internal subnets

Original destination: Internal IP of the server of the other company

Original services: any

Translated source: 10.10.1.1 object

Translated Destination: Original

Translated Services: Original

 

The question: When we add an object as a Translated Source, why do we need to choose the NAT method? We need only to send 10.10.1.1 through the VPN tunnel?

Is it to determine how we should hide the IP (e.g., 10.10.1.1)?

If we hide 10.10.1.1, how will the other company's firewall translate our external IP back to 10.10.1.1?

Should we enable or disable NAT within the VPN community?

So, I need to understand how this is going to work.

 

 

Thank you in advance!

 

0 Kudos
2 Replies
the_rock
Legend

You need to choose the method, since it has to know whether it's hide or static NAT.

Also, I would enable NAT inside the community.

Andy

0 Kudos
CaseyB
Advisor

If your network is doing all of the traffic initiation / communication, a hide NAT works just fine. If the other side is trying to initiate traffic to that hide NAT, that is where you will run into issues.

Your encryption domain will need to include all of the subnets you are hiding plus the NAT address.

Enable NAT within the community.
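
A simplified model of the hide NAT behaviour described in the replies above, added here as an illustration; it is not part of the original thread and not Check Point's own code. It shows why replies to connections initiated from the internal side translate back while peer-initiated traffic to the hide address does not, and checks an encryption domain against the second reply's advice. The internal subnets, server address and port numbers are constructed sample values; only 10.10.1.1 comes from the thread.

```python
import ipaddress


class HideNat:
    """Simplified many-to-one (hide) NAT: a model, not Check Point's implementation."""

    def __init__(self, hide_ip, first_port=10000):
        self.hide_ip = hide_ip
        self.next_port = first_port
        self.out = {}   # (src_ip, src_port, dst_ip, dst_port) -> translated source port
        self.back = {}  # (hide_port, peer_ip, peer_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internal host initiates: allocate (or reuse) a port on the hide address."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.hide_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, peer_ip, peer_port, dst_ip, dst_port):
        """Packet from the peer: only replies to a tracked connection translate back."""
        if dst_ip != self.hide_ip:
            return None
        return self.back.get((dst_port, peer_ip, peer_port))


def missing_from_domain(domain, required):
    """Return the required networks not covered by any encryption-domain entry."""
    nets = [ipaddress.ip_network(n) for n in domain]
    return [r for r in required
            if not any(ipaddress.ip_network(r).subnet_of(n) for n in nets)]


# Constructed sample values; only 10.10.1.1 comes from the thread.
INTERNAL = ["192.168.10.0/24", "192.168.20.0/24"]
HIDE_IP = "10.10.1.1"
SERVER = "172.16.5.20"

if __name__ == "__main__":
    nat = HideNat(HIDE_IP)
    print(nat.outbound("192.168.10.5", 50000, SERVER, 443))  # tracked, translated
    print(nat.inbound(SERVER, 443, HIDE_IP, 10000))          # reply maps back
    print(nat.inbound(SERVER, 40000, HIDE_IP, 3389))         # peer-initiated: no entry
    print(missing_from_domain([HIDE_IP], INTERNAL + [HIDE_IP]))
```

With a static NAT there would be a fixed one-to-one mapping instead of the per-connection table, which is why the NAT method has to be chosen on the rule.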
