This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JoSec
Contributor
‎2022-04-19 06:56 AM

VPN Behind Router Using NAT

I have a situation where it would be easier if I can establish a Site to Site VPN from Checkpoint gateways (R80.40) behind an on-premise router doing NAT to two Availability Zones in AWS using a Palo Alto active passive cluster in each AZ functioning as active passive environments using BGP. My questions listed below.

1. Can I establish a site to site VPN behind the Router doing NAT? Is just as easy as changing the Link Selection to Statically Nated IP and using the public IP the router would use for NAT? If this is correct, any other configuration options.

2. If yes to above, any issue with doing this with Palo Alto gateways as the peer?

Thanks

6 Replies
G_W_Albrecht
Legend
Legend
‎2022-04-19 08:01 AM

1. Possible to be established using NAT-T (UDP 4500) from CP GW to peer or peer to CP (sk32664).

CCSE CCTE SMB Specialist
JoSec
Contributor
‎2022-04-19 08:08 AM
In response to G_W_Albrecht

Therefore, following sk32664 would require no configuration change to the Link selection?

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-04-19 09:46 AM
In response to JoSec

You can try or ask TAC - i would assume no. This only concerns IKE proposals, so not so much difference to usual IKE.

CCSE CCTE SMB Specialist
0 Kudos
the_rock
Champion
Champion
‎2022-04-19 09:57 AM
In response to JoSec

I had done this before and you dont need to do anything with link selection.

Andy

JoSec
Contributor
‎2022-04-20 07:52 AM
In response to the_rock

Thanks for the responses. I'll be setting this up in the next few weeks and will update this thread.

the_rock
Champion
Champion
‎2022-04-20 08:16 AM
In response to JoSec

Definitely let us know the results mate.

Andy

0 Kudos