Hi,
The customer has an S2S VPN from the office Check Point to Azure.
They are able to access all their servers hosted in Azure via the VPN.
Now they want to access an Azure web server from the Internet but via the office CP.
I have implemented the following:
1. Added a rule allowing Internet access to the web server public IP (https)
2. Added a source and destination NAT rule, where:
   original source - Internet
   original destination - 196.x.x.x
   translated source - 172.30.x.x (internal IP)
   translated destination - 192.168.x.x
3. Added the public IP to the Azure VPN domain
4. Internal IP included in the CP gateway VPN domain
5. Changed VPN routing to "To center or through the center to other satellites, to Internet and other VPN targets"
Logs show the traffic being "Encrypted in the community" and the relevant NAT rule applied.
However, we can't access the web site.
tcpdump and fw monitor do not capture anything for the translated source or translated destination IPs.
I suspect that the traffic does not traverse the VPN, maybe because it is not being translated?
fw monitor does show this for my IP; from what I understand, the NAT should have taken place before the "Post-Outbound VM":
[vs_0][ppak_0] eth1:Oe[44]: 41.160.x.x -> 196.x.x.x (TCP) len=52 id=51573
TCP: 56844 -> 80 .S.... seq=106564e8 ack=0000000
Am I missing any configs?