09-13-2006 02:26 AM
I have a situation where I need to set up a VPN L2L tunnel. The peer is using Checkpoint NG and I am using a PIX 515 (Code: 6.2(2)).
Now my problem is the following:
The peer (Checkpoint end) needs us to 'hide' our LAN address (our LAN address is on a 10.x.x.x subnet) so that it can communicate with their internal LAN. The Checkpoint side will only allow us to communicate with them if we 'hide' our LAN side IP address.
Now my question is:
How can I set up the VPN tunnel so that when traffic goes out from my LAN to the Checkpoint it gets NAT'ed to an Internet-routable IP (which I have)?
I hope the above explanation is clear but if you require further information then please let me know.
Any help/advice on this will be very much appreciated. I would really be grateful if someone could post configuration examples.
Many thanks.
09-14-2006 01:35 AM
See: "VPN and NAT" topic below
09-16-2006 08:09 AM
Hi,
As far as I understand from your post, you are stuck with a situation wherein you want to establish a VPN to an organization which also uses the same IP address space as you do.
Now if this is the situation, you may configure the VPN tunnel along with NATting as explained in the Overlapping Networks document.
Though Cisco supports this type of overlapping NATted networks, I'm not sure about CheckPoint NG.
Below are two links which show how to configure an IPSec tunnel between NG and PIX, and NATting between overlapped networks, respectively.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800ef796.shtml
Please feel free to revert if you have any more queries.
Kind Regards,
Wilson Samuel
PS: Please rate if it helps
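
An added configuration sketch for the case asked about in the first post (hide the 10.x.x.x LAN behind one routable address inside the L2L tunnel); it is not from any poster or from the linked Cisco documents. It relies on the PIX translating outbound traffic before it evaluates the crypto ACL, so the ACL matches the translated address. All addresses (203.0.113.10 as the hide address, 198.51.100.20 as the Checkpoint peer, 192.168.50.0/24 as the remote LAN), the names `cp-vpn`, `cp-set` and `cp-map`, and the 3DES/SHA/group 2 proposal are placeholder assumptions.

```cisco
: Constructed example for PIX 6.x; every address and name is a placeholder.
: Hide the inside 10.0.0.0/8 network behind one routable address (PAT).
nat (inside) 1 10.0.0.0 255.0.0.0
global (outside) 1 203.0.113.10

: Do NOT list this traffic in a "nat (inside) 0 access-list ..." exemption,
: otherwise it bypasses translation and leaves with its 10.x.x.x source.

: Crypto ACL is written against the translated (post-NAT) source address.
access-list cp-vpn permit ip host 203.0.113.10 192.168.50.0 255.255.255.0

: Let decrypted tunnel traffic bypass the interface ACL check.
sysopt connection permit-ipsec

: Phase 2 proposal and crypto map bound to the outside interface.
crypto ipsec transform-set cp-set esp-3des esp-sha-hmac
crypto map cp-map 10 ipsec-isakmp
crypto map cp-map 10 match address cp-vpn
crypto map cp-map 10 set peer 198.51.100.20
crypto map cp-map 10 set transform-set cp-set
crypto map cp-map interface outside

: Phase 1 (IKE) with a pre-shared key; values must match the Checkpoint side.
isakmp enable outside
isakmp key <pre-shared-key> address 198.51.100.20 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

The Checkpoint encryption domain for this peer then has to contain only the hide address, not the 10.x.x.x subnet. Because the translation is PAT, sessions can only be initiated from the PIX side.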