I have a situation where it would be easier if I can establish a Site to Site VPN from Check Point gateways (R80.40) behind an on-premise router doing NAT to two Availability Zones in AWS using a Palo Alto active-passive cluster in each AZ functioning as active-passive environments using BGP. My questions are listed below.
1. Can I establish a site to site VPN behind the router doing NAT? Is it just as easy as changing the Link Selection to Statically NATed IP and using the public IP the router would use for NAT? If this is correct, are there any other configuration options?
2. If yes to above, any issue with doing this with Palo Alto gateways as the peer?
Thanks
1. Possible to be established using NAT-T (UDP 4500) from CP GW to peer or peer to CP (sk32664).
Therefore, following sk32664 would require no configuration change to the Link selection?
You can try or ask TAC - I would assume no. This only concerns IKE proposals, so not so much difference to usual IKE.
I had done this before and you don't need to do anything with link selection.
Andy
Thanks for the responses. I'll be setting this up in the next few weeks and will update this thread.
Definitely let us know the results mate.
Andy