AnsweredAssumed Answered

Static NAT on ISAKMP traffic

Question asked by Richard Lee on Jul 18, 2018
Latest reply on Jul 18, 2018 by Timothy Hall

Has anyone ran into issues with trying to NAT isakmp traffic out of their Checkpoint firewalls? We are trying to pass VPN traffic through our checkpoint firewalls and our static NAT is not working for this connection. A TCP dump on the outside external interface shows that the rfc1918 address is not being translated.

 

The router initiating the VPN connection outbound only does isakmp, but I know that if I install policy with the same public IP NAT for my internal workstation I verified NAT is working for http/https.

 

I've got mixed information from support saying that the ipsec blade might be trying to interfere with this traffic and then I have the NAT support team saying that this is a connections table issue. Clearing the connections table in a clustered environment will cause a major outage.

 

I'm going to reconfigure the VPN device with a different IP to test next. Anyone else ever run into something like this where you're trying to pass VPN traffic through the firewall?

Outcomes