topic Re: Using VPN from within local network in SASE and Remote Access

Using VPN from within local network

OpenAware_BV_BV — Tue, 12 Feb 2019 21:15:45 GMT

Hi,

I am using the 750 appliance and have issues using VPN from within the local network. Any help is very much appreciated.

So the config is very basic. One network (and port) for wired (trusted) LAN (192.168.1.x) and one network (and port) for wireless (untrusted) LAN (192.168.2.x). The idea is that it is not allowed to connect from 2.x to 1.x. This work just fine.

However, secure clients that have Check Point Mobile installed should be able to connect from the wireless (untrusted) LAN to the wired (trusted) LAN using VPN.

For this the Incoming, Internal and VPN traffic has a #1 rule 'VPN Remote Access - * Any - * Any - Accept' defined. This however does not work out. The VPN client is dropped every few seconds and there is no way to connect to any of the 1.x addresses.

Any ideas on how to solve this are welcome.

Kind regards,

Dave

Re: Using VPN from within local network

Jerry — Wed, 13 Feb 2019 14:36:02 GMT

just wonder why do you need to have encrypted tunnel in between?

I'm struggling to understand a purpose sorry ...

Re: Using VPN from within local network

PhoneBoy — Wed, 13 Feb 2019 21:08:05 GMT

What's your encryption domain?

Here's how to set it.

You should be sure to exclude the WLAN from the encryption domain.

Re: Using VPN from within local network

OpenAware_BV_BV — Mon, 18 Feb 2019 07:19:38 GMT

Hi Jerry, there is no absolute necessity for an encrypted tunnel. It is just a more general approach on how to connect.

Making an exception based on MAC is an alternative. However, by using the VPN option there is just one single process on how to connect and how to manage configuration (No exclusions just VPN). Encryption is included for free.