I am trying to establish a vpn tunnel to a remote site from behind a checkpoint firewall. The firewall uses a hide nat for all computers on the network. The tunnel is initially connected but then is timed out when the client doesnt receive the keepalives. I see packets coming back that are being dropped by the firewall. Is it possible to create and maintain a vpn through a hide nat or do I have to do a static nat for all users trying to use the vpn?