Hide-NAT over IPSEC VPN Tunnel
I've got a site-to-site IPSEC tunnel running between my USG40 and a Checkpoint firewall managed by an external supplier. They want me to use a feature called Hide-NAT - https://www.checkpoint.com/smb/help/utm1/8.2/7058.htm
So basically when any traffic from the internal LAN subnet destined for the server at the remote end of the VPN tunnel gets translated so at the far side it presents as the Public WAN IP address.
Is this possible? I've tried various SNAT and Destination NAT settings without much success.
All Replies
-
Welcome to Zyxel Community :)
I am going to describe in theoretical mode, but from my point of view it should be possible.
The flow from Site A to Site B will be NATed on Site A, so the VPN should be configured from the NATed IP Site A to Network SIte B.
And flows from Site B to Site A will be NATed on Site B, so the VPN should be configured from the NATed IP Site B to Network SIte A.
I hope it helps.
Regards
0 -
Hi nick_patchett
There is function named "Inbound/Outbound traffic NAT" in VPN phase 2 configuration.
It can hind real IP address in your VPN tunnel.
0 -
0
Categories
- All Categories
- 395 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 82 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 415 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight