CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 4 of 4

Thread: nat problem

  1. #1
    Join Date
    2016-02-05
    Posts
    7
    Rep Power
    0

    Default nat problem

    I created a rule nat like this.

    Source
    Group member (with 3 ip from 10.0.0.2 to 10.0.0.4)
    Dest
    10.192.0.22
    NatSource (static)
    10.192.0.55
    Dest
    original


    On logs of smart tracker I don't have xlate src 10.192.0.55 but a different ip.. like this 21.150.2.32

    Any idea?

  2. #2
    Join Date
    2007-06-04
    Posts
    3,236
    Rep Power
    15

    Default Re: nat problem

    Is there another NAT Rule either Manual or Automatic placed above the NAT rule you created.

    Being a Public IP then would appear that possibly a Hide Behind gateway Automatic NAT on a Network Object that covers the hosts and the Automatic NAT is above the NAT rule you created so would be matched first.

    By the way pretty pointless doing a Static NAT for 3 Sources, as the point in Static NAT is 1:1 Mapping so can initiate traffic to the NAT IP that is then sent to specific host.

    With what configured may as well use a Hide NAT.

  3. #3
    Join Date
    2016-02-05
    Posts
    7
    Rep Power
    0

    Default Re: nat problem

    You are right. There is a nat addional rule on log. I checked in nat rule table and is an automatic rule but I don't see any match..

    The automatic nat rule is this

    source
    10.34.3.22
    dest
    any
    natsource
    10.34.3.22 (hiding address)
    dest
    original

    Hide Behind gateway Automatic NAT on a Network Object is the first nat rule but public ip is different. I have on nat rule 1 this public ip 54.44.2.12
    Last edited by seven80; 2017-05-16 at 05:42.

  4. #4
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,098
    Rep Power
    11

    Default Re: nat problem

    you are trying to HIDE NAT 3 IP's behind 1 IP, so set the NAT Type to Hide.
    Regards, Maarten.
    Dual P1 R77.30, VSX, IPSO, SPLAT, GAIA mostly.

Similar Threads

  1. New installation problem R75.20 connectivity problem
    By vbavbalist in forum Check Point SecurePlatform (SPLAT)
    Replies: 3
    Last Post: 2011-12-28, 15:17

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •