CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


CPUG Challenge 2018?? We will be holding another CPUG Challenge for 2018.
The plan is to time it around CPX again (earlier this year), but not necessarily limit it to those in attendance.
I'll provide more details as we get a bit closer, but be ready! -E

 

Results 1 to 4 of 4

Thread: nat problem

  1. #1
    Join Date
    2016-02-05
    Posts
    7
    Rep Power
    0

    Default nat problem

    I created a rule nat like this.

    Source
    Group member (with 3 ip from 10.0.0.2 to 10.0.0.4)
    Dest
    10.192.0.22
    NatSource (static)
    10.192.0.55
    Dest
    original


    On logs of smart tracker I don't have xlate src 10.192.0.55 but a different ip.. like this 21.150.2.32

    Any idea?

  2. #2
    Join Date
    2007-06-04
    Posts
    3,246
    Rep Power
    15

    Default Re: nat problem

    Is there another NAT Rule either Manual or Automatic placed above the NAT rule you created.

    Being a Public IP then would appear that possibly a Hide Behind gateway Automatic NAT on a Network Object that covers the hosts and the Automatic NAT is above the NAT rule you created so would be matched first.

    By the way pretty pointless doing a Static NAT for 3 Sources, as the point in Static NAT is 1:1 Mapping so can initiate traffic to the NAT IP that is then sent to specific host.

    With what configured may as well use a Hide NAT.

  3. #3
    Join Date
    2016-02-05
    Posts
    7
    Rep Power
    0

    Default Re: nat problem

    You are right. There is a nat addional rule on log. I checked in nat rule table and is an automatic rule but I don't see any match..

    The automatic nat rule is this

    source
    10.34.3.22
    dest
    any
    natsource
    10.34.3.22 (hiding address)
    dest
    original

    Hide Behind gateway Automatic NAT on a Network Object is the first nat rule but public ip is different. I have on nat rule 1 this public ip 54.44.2.12
    Last edited by seven80; 2017-05-16 at 05:42.

  4. #4
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,110
    Rep Power
    11

    Default Re: nat problem

    you are trying to HIDE NAT 3 IP's behind 1 IP, so set the NAT Type to Hide.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

Similar Threads

  1. New installation problem R75.20 connectivity problem
    By vbavbalist in forum Check Point SecurePlatform (SPLAT)
    Replies: 3
    Last Post: 2011-12-28, 15:17

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •