Cisco 2811 VPN tunnel With CheckPoint NGX R65

Jun 14th, 2010

Hi Guys,

I have set up a tunnel from my Cisco to the customer's Check Point.

Tunnel comes up at phase 1 and 2.

However, they now want me to NAT my source network, which is 192.168.0.0/24, onto 10.242.101.0/24,

meaning on a host-per-host basis:

192.168.0.6 to 10.242.101.2

192.168.0.7 to 10.242.101.3

etc....

My router has IP 192.168.0.210 on fa0/1 and my public IP is on fa0/0.

My issue is: how do I NAT my 192.168.0.0/24 network onto the 10.242.101.0/24 network, which is not even found on my router?

They need to see my source IP coming from the 10.242.101.0/24 network.

I also need to NAT then incoming, as they will be accessing my services via the 10.242.101.0/24 network as well.

Can someone shed some light on this please?

adhar Sat, 06/19/2010 - 07:05

When using NAT for your IPsec, you should use the NAT'ed IP in the interesting traffic (crypto ACL) to trigger the tunnel. Other than that, the NAT configuration will be as usual. Hope this helps!
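
The approach described in the reply above, sketched as an IOS configuration; this is an added example, not configuration posted by either participant. The customer-side network 172.16.50.0/24, the crypto map name VPN-TO-CUSTOMER, the ACL name CUSTOMER-CRYPTO and the crypto map being applied on fa0/0 are assumptions, since the thread does not give them.

```cisco
! Added example. Assumed placeholders (not from the thread):
!   172.16.50.0/24   constructed network behind the Check Point
!   VPN-TO-CUSTOMER  hypothetical name of the existing crypto map
!   CUSTOMER-CRYPTO  hypothetical name for the crypto ACL
!
interface FastEthernet0/1
 description LAN 192.168.0.0/24
 ip nat inside
!
interface FastEthernet0/0
 description Public side (crypto map assumed to be applied here)
 ip nat outside
!
! One static translation per host, matching the mapping the customer
! asked for. The 10.242.101.x addresses do not need to be configured
! on any interface; they only exist in the NAT table. Static entries
! are bidirectional, so sessions the customer opens to 10.242.101.2
! are translated back to 192.168.0.6.
! Note: these statics apply to all traffic from these hosts leaving
! fa0/0, not only to traffic bound for the tunnel.
ip nat inside source static 192.168.0.6 10.242.101.2
ip nat inside source static 192.168.0.7 10.242.101.3
!
! On the inside-to-outside path IOS translates before it checks the
! crypto map, so the interesting-traffic ACL must match the
! translated source. The Check Point side has to define the mirror
! image of this ACL or phase 2 will not match.
ip access-list extended CUSTOMER-CRYPTO
 permit ip 10.242.101.0 0.0.0.255 172.16.50.0 0.0.0.255
!
crypto map VPN-TO-CUSTOMER 10 ipsec-isakmp
 match address CUSTOMER-CRYPTO
!
! Verify after sending traffic from 192.168.0.6:
!   show ip nat translations   (expect 10.242.101.2 <-> 192.168.0.6)
!   show crypto ipsec sa       (local ident should be 10.242.101.0/24)
```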
