![]() Is this option possible or should it be done a different way? I don’t know how I can send traffic across as I would need to add the site B remote encryption network into the CheckPoint local encryption domain.Īny suggestions or thoughts would be appreciated. ![]() I think this is due to the pre-NAT destination IP - 192.168.0.10 being defined in the CheckPoint local VPN encryption domain. The packet is Accepted but not Encrypted so doesn’t traverse the site B VPN. The packet from site A will decrypt on the CheckPoint, apply the source / dest NAT and hit the firewall rule configured to allow traffic to the site B VPN tunnel. ![]() Select the RADIUS server that you have configured for Duo and adjust the Timeout (sec) to 60 seconds and the Retries to 1. Verify the RADIUS timeout: Open the Palo Alto administrative interface and navigate to Device > Server Profiles > RADIUS. I have tested creating the below NAT rule: (Disable NAT inside the VPN community is unchecked in both communities) In the example figure below, the VPN Star community has two central MEP Security Gateways (M1 and M2, each with its own VPN domain), and remote satellite S1. With By VPN Domain, the Security Gateway of that domain becomes the chosen entry point. Remote Encryption Domain Site B: 192.168.4.0/24 Before you enable MEP, each IP address belongs to a specific VPN domain. Remote Encryption Domain Site A: 192.168.2.0/24
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |