I would like to setup a VPN between our HQ (a cluster of Checkpoint Open Servers R77.30) on one side and a Check Point Appliance 1430 on the other side. The 1430 is located behind a Provider Router with NAT.
The 1430 has the IP 192.168.100.50 on its WAN side. All traffic arriving at the public/fixed IP (18.104.22.168) of the provider router is directed to the 1430 behind.
Behind the 1430 I have some other networks from the range 10.64.0.0/16 on the LAN side.
Im am using the VPN community where this 1430 should be added to for approx. 12 other VPN connections (without NAT) which are working fine.
Our security management is reachable from the Gateway, Policies can be fetched and pushed and Security Management connection is green in the 1430 web configuration pages. It is also shown as green in the Smartcenter.
I have made the following settings:
General IP of the 1430: 192.168.100.50 (the IP of the WAN interface)
Topology: External 192.168.100.50, Internal 10.64.x.y with Topology Entry 10.64.0.0/16
NAT: [ ] Hide internal networks behind gateway's external IP (not set)
NAT > Advanced: [x] Add automatic translation rule .... (set)
Translation Method: Static
Translate to IP Address: The public fixed IP of the provider Router (22.214.171.124)
Install on gateway: on the CheckPoint Open Servers Cluster @ HQ
IPSec VPN > Link Selection > Locally managed VPN peers determine .... Always use this IP Address (set)
Statically NATed IP: The public fixed IP of the provider Router (126.96.36.199)
Outgoing Route Selection:
Operation system routing table
The routing on the HQ gateways to 10.64.0.0/16 are set pointing to the default gateway (provider router @ HQ).
I can see security associations between the Gateways on both sides, all looks good so far, but I can not send packages through the tunnel.
Can somebody help me out of this? Did I forget to configure something?