CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


** Announcing the #CPUGchallenge **

I'm very happy to announce that CPUG will be hosting "The CPUG Challenge" during CPX this year.
It promises to be a fun and interesting event that will test (and maybe even expand) your knowledge of R80.10.
Whether or not you plan to attend CPX, we have something for you. Please check out this post or the CPUGchallenge.com web site for more information. -E

 

Results 1 to 4 of 4

Thread: nat problem

  1. #1
    Join Date
    2016-02-05
    Posts
    4
    Rep Power
    0

    Default nat problem

    I created a rule nat like this.

    Source
    Group member (with 3 ip from 10.0.0.2 to 10.0.0.4)
    Dest
    10.192.0.22
    NatSource (static)
    10.192.0.55
    Dest
    original


    On logs of smart tracker I don't have xlate src 10.192.0.55 but a different ip.. like this 21.150.2.32

    Any idea?

  2. #2
    Join Date
    2007-06-04
    Posts
    3,201
    Rep Power
    14

    Default Re: nat problem

    Is there another NAT Rule either Manual or Automatic placed above the NAT rule you created.

    Being a Public IP then would appear that possibly a Hide Behind gateway Automatic NAT on a Network Object that covers the hosts and the Automatic NAT is above the NAT rule you created so would be matched first.

    By the way pretty pointless doing a Static NAT for 3 Sources, as the point in Static NAT is 1:1 Mapping so can initiate traffic to the NAT IP that is then sent to specific host.

    With what configured may as well use a Hide NAT.

  3. #3
    Join Date
    2016-02-05
    Posts
    4
    Rep Power
    0

    Default Re: nat problem

    You are right. There is a nat addional rule on log. I checked in nat rule table and is an automatic rule but I don't see any match..

    The automatic nat rule is this

    source
    10.34.3.22
    dest
    any
    natsource
    10.34.3.22 (hiding address)
    dest
    original

    Hide Behind gateway Automatic NAT on a Network Object is the first nat rule but public ip is different. I have on nat rule 1 this public ip 54.44.2.12
    Last edited by seven80; 6 Days Ago at 05:42.

  4. #4
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,065
    Rep Power
    10

    Default Re: nat problem

    you are trying to HIDE NAT 3 IP's behind 1 IP, so set the NAT Type to Hide.
    Regards, Maarten.
    Dual P1 R77.30, VSX, IPSO, SPLAT, GAIA mostly.

Similar Threads

  1. New installation problem R75.20 connectivity problem
    By vbavbalist in forum Check Point SecurePlatform (SPLAT)
    Replies: 3
    Last Post: 2011-12-28, 15:17

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •