AnsweredAssumed Answered

VPN Remote Access Behind NAT

Question asked by Gary Torrico on Apr 24, 2018
Latest reply on Apr 24, 2018 by Dameon Welch Abernathy

Hello Guys.

 

I have problems when implementing remote access behind NAT. I have the following configuration:

ClusterXL Active-Backup.
ISP Redundacy - Ative Backup.
Link Selection - Calculate IP based on network topology.

 

 

Currently firewalls work with private IPs on the external interfaces. I have a router that performs NAT 1-1 from the IP public to the private IP of the firewall.

 

The solution works very well, but when I try to connect with Check Point Mobile via VPN remote Access to IP Public it is successful. But when I try to connect for the second time, the Check Point Mobile agent changes the public IP to a private IP of the Cluster and the connection is not completed.

 

When I connect to CAPSULE VPN, everyone is successful, also when I make the second attempt. CAPSULE VPN there are no problems.

 

Now try to configure all the options of Link SELECTION but the only one that works successfully is the option "Staticaly NATed IP". But this option is limiting since it only allows you to put a NATed IP, since I am working with two ISP "ISP REDUNDANCY".

 

Please can you tell me how I can solve the IP change problem at Check Point Mobile.

 

Thank you,

Outcomes