Hide-NAT over IPSEC VPN Tunnel
I've got a site-to-site IPSEC tunnel running between my USG40 and a Checkpoint firewall managed by an external supplier. They want me to use a feature called Hide-NAT - https://www.checkpoint.com/smb/help/utm1/8.2/7058.htm
So basically when any traffic from the internal LAN subnet destined for the server at the remote end of the VPN tunnel gets translated so at the far side it presents as the Public WAN IP address.
Is this possible? I've tried various SNAT and Destination NAT settings without much success.
All Replies
-
Welcome to Zyxel Community :)
I am going to describe in theoretical mode, but from my point of view it should be possible.
The flow from Site A to Site B will be NATed on Site A, so the VPN should be configured from the NATed IP Site A to Network SIte B.
And flows from Site B to Site A will be NATed on Site B, so the VPN should be configured from the NATed IP Site B to Network SIte A.
I hope it helps.
Regards
0 -
Hi nick_patchett
There is function named "Inbound/Outbound traffic NAT" in VPN phase 2 configuration.
It can hind real IP address in your VPN tunnel.
0 -
0
Master Member
Categories
- 6.9K All Categories
- 2 Education Center
- 1.4K Nebula
- 34 Nebula Ideas
- 40 Nebula Status and Incidents
- 3.9K Security
- 203 Security Ideas
- 750 Switch
- 31 Switch Ideas
- 627 WirelessLAN
- 9 WLAN Ideas
- 4.6K Consumer Product
- 105 Service & License
- 223 News and Release
- 39 Security Advisories
- 520 FAQ
- 238 Nebula FAQ
- 120 Security FAQ
- 73 Switch FAQ
- 67 WirelessLAN FAQ
- 6 Consumer Product FAQ
- Documents
- 30 Nebula Monthly Express
- 44 About Community
- 32 Security Highlight
