on the management server which is documented in VPN Site-to-Site with 3rd party).īased on your description for seeing the external IP of checkpoint gateway in the proposal either you are hide NATing the traffic behind the gw (which you might disable NAT inside the community unless you want to apply NAT inside the tunnel you need to adjust it using manual NAT rules).
Whenever you configure checkpoint gateways for vpn you have only one encryption domain for all your peers, for that you have be specific and make a unique encryption domain to avoid supernetting and phase two negotiation issues (You can customize the encryption domain per peer by editing the.
