Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
274
Views
0
Helpful
1
Replies

VPN 3005

gcocchi
Level 1
Level 1

‎04-02-2007 02:12 AM - edited ‎02-21-2020 02:57 PM

Hi.

I have 2 VPN 2005. I need to put the concentrators an a DMZ lan protected by a checkpoint firewall that do nat.

I issigned ip address foreach vpn device on private lan, and none for public. Because checkpoint do nat for vpn concentrators, i cannot use public interface, it's useless.

I would like to know if it's possible to use only one interface to create lan-to-lan network between us and our customers (ipsec + nat) or i need to setup public interface, give to it a different network than dmz, and let checkpoint do 1:1 nat with this public interface.

I need advices. Thx.

Labels:
0 Helpful
1 Reply 1

didyap
Level 6
Level 6

‎04-06-2007 06:27 AM

I think it is possible to do NAT and IPSec on same interface. I will prefer doing it on same interface rather than doing IPsec on concentrator and NAT on checkpoint.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents