Hide-NAT over IPSEC VPN Tunnel
Freshman Member
I've got a site-to-site IPSEC tunnel running between my USG40 and a Checkpoint firewall managed by an external supplier. They want me to use a feature called Hide-NAT - https://www.checkpoint.com/smb/help/utm1/8.2/7058.htm
So basically when any traffic from the internal LAN subnet destined for the server at the remote end of the VPN tunnel gets translated so at the far side it presents as the Public WAN IP address.
Is this possible? I've tried various SNAT and Destination NAT settings without much success.
All Replies
-
Welcome to Zyxel Community :)
I am going to describe in theoretical mode, but from my point of view it should be possible.
The flow from Site A to Site B will be NATed on Site A, so the VPN should be configured from the NATed IP Site A to Network SIte B.
And flows from Site B to Site A will be NATed on Site B, so the VPN should be configured from the NATed IP Site B to Network SIte A.
I hope it helps.
Regards
0 -
Hi nick_patchett
There is function named "Inbound/Outbound traffic NAT" in VPN phase 2 configuration.
It can hind real IP address in your VPN tunnel.
0 -
0
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
