Mark Southgate <[EMAIL PROTECTED]> wrote:
>
> We have a NAT rule that allows all the internal networks to travel
> over the VPN without being NAT'd (original-original-original) and all
> other traffic towards the internet be NAT'd behind the Gateway
> Address. When we apply an Auto NAT on the Network Object as per
> Checkpoint's instructions for ISP LB this places 2 rules at the top of
> the NAT Rulebase, one of which supersedes the rule described above,
> therefore the traffic across the VPN is NAT'd behind the gateway
> address too. This causes the VPN to fail.

There is a checkbox option for the VPN Community which you can mark, which will disable all NAT within the VPN. This is what we do, and we no longer need to specify No-NAT rules in our policies.

You can also go to the NAT policy and move your manual NAT rules so that they are higher precedence than the auto-NAT rules, meaning they will take effect before auto-NAT is applied.

-- 
David DeSimone == Network Admin == [EMAIL PROTECTED]
"It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous." -- Robert Benchley
