AnsweredAssumed Answered

VPN between CP Module and 1430 behind NAT

Question asked by Uwe Poliak on Nov 8, 2017
Latest reply on Nov 10, 2017 by Uwe Poliak


I would like to setup a VPN between our HQ (a cluster of Checkpoint Open Servers R77.30) on one side and a Check Point Appliance 1430 on the other side. The 1430 is located behind a Provider Router with NAT.

The 1430 has the IP on its WAN side. All traffic arriving at the public/fixed IP ( of the provider router is directed to the 1430 behind. 

Behind the 1430 I have some other networks from the range on the LAN side. 

Im am using the VPN community where this 1430 should be added to for approx. 12 other VPN connections (without NAT) which are working fine.

Our security management is reachable from the Gateway, Policies can be fetched and pushed and Security Management connection is green in the 1430 web configuration pages. It is also shown as green in the Smartcenter. 


I have made the following settings: 

General IP of the 1430:   (the IP of the WAN interface)

Topology: External, Internal 10.64.x.y with Topology Entry

NAT: [ ] Hide internal networks behind gateway's external IP (not set)

NAT > Advanced: [x] Add automatic translation rule .... (set)

Translation Method: Static

Translate to IP Address: The public fixed IP of the provider Router (

Install on gateway: on the CheckPoint Open Servers Cluster @ HQ


IPSec VPN > Link Selection > Locally managed VPN peers determine ....  Always use this IP Address (set)

 Statically NATed IP: The public fixed IP of the provider Router (

Outgoing Route Selection: 

 Operation system routing table


The routing on the HQ gateways to are set pointing to the default gateway (provider router @ HQ).


I can see security associations between the Gateways on both sides, all looks good so far, but I can not send packages through the tunnel. 


Can somebody help me out of this? Did I forget to configure something?


Kind regards