Unrestricted Mode; Nat Mode - Nokia IP40 User Manual

Nokia IP40 Tele 8 to Check Point NG AI

Unrestricted Mode

if you select unrestricted mode while configuring site-to-site VPNs, the traffic will reach both
the internal networks of the VPN sites irrespective of the NAT rules.
Note
You can use No-NAT mode only with IP40 Satellite X.
Figure 9 on page 189 shows a site-to-site VPN in No-NAT or unrestricted mode. Both VPN
peers are considered site-to-site VPN gateways, and traffic is directly established from the
source host to the destination host. In this example, hosts on either network can initiate traffic to
hosts on the peer network. Both network 1 and network 2 are uses routable IP addresses.
Figure 9 No-NAT Mode

NAT Mode

Use NAT mode in site-to-site VPNs, where bidirectional initiation of traffic between networks
using public IP addresses is required.
"NAT Mode" shows two instances of a site-to-site VPN gateways in NAT mode.
Figure 10 NAT Mode
Solution A: Nokia IP40 Satellite X to VPN-1 (Site-to-Site VPN)
Hosts on Network 1 establish the TCP/IP connection to the external IP address of the IP40
Satellite X site-to-site VPN gateway. The IP40 Satellite X device is configured through the IP40
GUI Security page to port forward the inbound traffic to the defined host.
Solution B: Nokia IP40 Satellite X to Satellite X (Site-to-Site VPN)
IP40 Satellite X supports the creation of site-to-site VPN connections between two or more IP40
Satellite X devices. Hosts on either network can directly initiate traffic to hosts on the peer
Nokia IP40 Security Platform User's Guide v1.1 189