We have a problem with an appliance running R77.40, IPSEC and source NAT.

A Star IPSEC VPN with two Gateways (let's call our site Alice and the opposite side Bob).

Our (Alice) R77.30 with public IP, opposite side (Bob) Cisco ASA with public IP, so no NAT-T.

To avoid overlapping problems in the future we agreed on using a small range of public IPs on each side with NAT.

Both public ranges and Alice IP range are included in the encryption domains.

Traffic from the opposite side to one of our hosts succeeds:

I (Alice) have a Policy: Source: Bob_enc_domain (their public), Destination: (Alice encryption domain, public and private IPs), VPN: the Community, Service: Any, Action: accept

And the NAT: Original source: Public IP 1 of Bob, Original destination: Public IP 1 of Alice. Translated source: internal IP of Alice FW (CheckPoint), Translated destination: internal private IP of Alice.

Traffic from Alice side to Bob doesn't work.

Traffic originated from Alice internal machine, Source IP, internal (included in Alice encryption domain), Destination IP, Bob public IP (included in Bob encryption domain)