Hide-NAT over IPSEC VPN Tunnel
Freshman Member
I've got a site-to-site IPSEC tunnel running between my USG40 and a Checkpoint firewall managed by an external supplier. They want me to use a feature called Hide-NAT - https://www.checkpoint.com/smb/help/utm1/8.2/7058.htm
So basically when any traffic from the internal LAN subnet destined for the server at the remote end of the VPN tunnel gets translated so at the far side it presents as the Public WAN IP address.
Is this possible? I've tried various SNAT and Destination NAT settings without much success.
All Replies
-
Welcome to Zyxel Community :)
I am going to describe in theoretical mode, but from my point of view it should be possible.
The flow from Site A to Site B will be NATed on Site A, so the VPN should be configured from the NATed IP Site A to Network SIte B.
And flows from Site B to Site A will be NATed on Site B, so the VPN should be configured from the NATed IP Site B to Network SIte A.
I hope it helps.
Regards
0 -
Hi nick_patchett
There is function named "Inbound/Outbound traffic NAT" in VPN phase 2 configuration.
It can hind real IP address in your VPN tunnel.
0 -
0
Master Member
Categories
- All Categories
- 434 Beta Program
- 2.7K Nebula
- 174 Nebula Ideas
- 117 Nebula Status and Incidents
- 6.1K Security
- 418 USG FLEX H Series
- 297 Security Ideas
- 1.6K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 43 Wireless Ideas
- 6.7K Consumer Product
- 270 Service & License
- 416 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 87 Security Highlight
