topic IPSec RAVPN: Restrict a Subnet from Connecting to the VPN in Firewall and Security Management

IPSec RAVPN: Restrict a Subnet from Connecting to the VPN

fatalXerror — Fri, 21 Jun 2019 09:14:23 GMT

Hi Guys,

I am gathering some helpful information for a while now to suffice my concern.

I found this thread and followed it but it does shows what I wanted.

https://community.checkpoint.com/thread/7204-restricting-remote-access-by-ipv4-address

My concern is, I want to restrict a subnet from connecting to the VPN. For example, SUBNET-A should be the only subnet that can connect to my VPN using Endpoint VPN client. I tried in my lab what is in the link but I still can connect to VPN even though my endpoint does not belong to that subnet.

Is this really possible?

Thanks for the help.

Re: IPSec RAVPN: Restrict a Subnet from Connecting to the VPN

G_W_Albrecht — Wed, 23 Jan 2019 13:10:16 GMT

It is possible - but what is shown in logs for you ?

Re: IPSec RAVPN: Restrict a Subnet from Connecting to the VPN

fatalXerror — Wed, 23 Jan 2019 13:23:43 GMT

Hi @Günther W. Albrecht,

In my logs, i can only see "Key Install" and "Login" logs but these logs upon analyzing, it is pertaining to the VPN IP so the security rules will not to take effect. Is my understanding correct?

Above image is a sample, I am connecting to my external zone (sorry the object naming is incorrect).

How I can restrict a group of user like only the group of 10.10.10.0/24 can connect to the VPN?

Thanks in advance.

Re: IPSec RAVPN: Restrict a Subnet from Connecting to the VPN

PhoneBoy — Sat, 26 Jan 2019 04:42:47 GMT

What, if anything, did you try from that the thread you mentioned?