CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1 petronius, 2006-06-23
NAT Pool Issue

Is there a way to have an address pool (say a subnet) that is used for outgoing NAT assignment? Much like PAT but using a pool of addresses instead of using ports and a single address.

So on a PIX I can define an outgoing nat pool to be a range of addresses. As users go out, they grab one of those addresses from the pool and off they go.

Trying to recreate this on CheckPoint and can't seem to find it.

#2 kva.kva, 2006-06-23

As far as I know, it's an unsupported feature (if you use different ranges for real and public addresses). Maybe it will work after manually editing the user.def file. But that's only for testing, not for real use.

Last edited by kva.kva; 2006-06-23 at 13:32.

#3 joris, 2008-02-07

Does anyone know if the NAT pool issue that petronius has is supported in R65?

#4 accesslimiter, 2008-02-07

If you define two network ranges with equal count you can use this with outgoing source NAT, static or hide.

#5 joris, 2008-02-25

Quote:
Originally Posted by accesslimiter
    If you define two network ranges with equal count you can use this with outgoing source NAT, static or hide.

Mhh, what we want to achieve:

original
source = any
destination = IP range/subnet ....

translated
source = IP range/subnet ....
destination = original

There is no 1:1 relation between original source and translated source.

Any hints?

#6 mcnallym, 2008-02-25

Use an Address Range and use that as the NAT for the Subnet that you are translating. It will just use the next range in the IP range.

However, looking at your requirement, is there any reason you cannot use a Hide NAT instead of an IP range to hide behind?

#7 cuthbei, 2008-03-10

I have spent a few hours trying to configure this today by altering the user.def file, but with no luck. I want to use this as my customer wishes to offer premium users a fixed personal IP for the length of the session, rather than share it with other users. If anyone has got this working on R65 I would love to know how.

Thanks, Cuthbei

#8 joris, 2008-03-31

Quote:
Originally Posted by mcnallym
    Use an Address Range and use that as the NAT for the Subnet that you are translating. It will just use the next range in the IP range.

    However, looking at your requirement, is there any reason you cannot use a Hide NAT instead of an IP range to hide behind?

Because we have some devices behind the FW that are doing electronic payments, and the card company's IPS does not allow xx payments in xx time from the same IP address. That's why a hide pool for those devices would do the trick.
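
Added example, not written by any poster and not Check Point configuration or INSPECT code: a small Python model of the two behaviours discussed in this thread, static range NAT between equal-sized ranges (a fixed offset mapping) versus a per-session address pool, where there is no 1:1 relation between original and translated source. The function and class names, the idle timeout and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def static_range_nat(src, orig_first, xlate_first, count):
    """Static range NAT: the n-th original address maps to the n-th translated one."""
    offset = int(ipaddress.ip_address(src)) - int(ipaddress.ip_address(orig_first))
    if not 0 <= offset < count:
        raise ValueError(f"{src} is outside the original range")
    return str(ipaddress.ip_address(xlate_first) + offset)


class PoolNat:
    """Dynamic pool: each internal host leases one pool address while it is active."""

    def __init__(self, pool_first, count, idle_timeout=300):
        first = ipaddress.ip_address(pool_first)
        self.free = [str(first + i) for i in range(count)]
        self.leases = {}            # internal source -> (pool address, last seen)
        self.idle_timeout = idle_timeout

    def _expire(self, now):
        for src, (addr, seen) in list(self.leases.items()):
            if now - seen > self.idle_timeout:
                del self.leases[src]
                self.free.append(addr)   # back of the queue, reused last

    def translate(self, src, now):
        """Return the pool address for src at time now, or None if the pool is exhausted."""
        self._expire(now)
        if src in self.leases:
            addr = self.leases[src][0]
        elif self.free:
            addr = self.free.pop(0)
        else:
            return None                  # caller must drop or fall back to a hide address
        self.leases[src] = (addr, now)
        return addr


def demo():
    # Constructed addresses (RFC 5737 / RFC 1918); names and timeout are illustrative assumptions.
    pool = PoolNat("203.0.113.10", count=2, idle_timeout=300)
    return [
        static_range_nat("192.0.2.5", "192.0.2.1", "198.51.100.1", 8),
        pool.translate("10.0.0.7", now=0),
        pool.translate("10.0.0.9", now=10),
        pool.translate("10.0.0.7", now=20),    # same host keeps its lease
        pool.translate("10.0.0.44", now=30),   # pool of 2 is exhausted
        pool.translate("10.0.0.44", now=400),  # earlier leases idled out
    ]
```

The pool has to be sized for the peak number of concurrently active hosts; once it is exhausted, a new source gets no translation until an existing lease idles out.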
