https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194679#M4505 <P>Hello,</P><P>Anyone knows why a security gateway would exclude its management IP address out of the RA VPN client's routing table?</P><P>Case in point, the RA VPN community encryption domain includes the whole 10.0.0.0/8 subnet, yet the 10.0.0.X IP address, which is the management IP address of the security gateway where the RA VPN is terminated, is not included in the connected RA VPN client's routing table. The RA VPN client is&nbsp; Check Point Mobile and uses IPsec to tunnel traffic.</P><P>&nbsp;</P><P>Thank you</P> Tue, 10 Oct 2023 15:02:52 GMT AlexandruD 2023-10-10T15:02:52Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194679#M4505 <P>Hello,</P><P>Anyone knows why a security gateway would exclude its management IP address out of the RA VPN client's routing table?</P><P>Case in point, the RA VPN community encryption domain includes the whole 10.0.0.0/8 subnet, yet the 10.0.0.X IP address, which is the management IP address of the security gateway where the RA VPN is terminated, is not included in the connected RA VPN client's routing table. The RA VPN client is&nbsp; Check Point Mobile and uses IPsec to tunnel traffic.</P><P>&nbsp;</P><P>Thank you</P> Tue, 10 Oct 2023 15:02:52 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194679#M4505 AlexandruD 2023-10-10T15:02:52Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194699#M4506 <P>I just checked in one of customers' environments and works fine, no issues. Can you see what is output of route print from user's machine?</P> <P>Andy</P> Tue, 10 Oct 2023 17:28:29 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194699#M4506 the_rock 2023-10-10T17:28:29Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194706#M4507 <DIV class="">&nbsp;</DIV><P>Hi Andy,</P><P>Here is a snippet of a connected RA VPN client's provisioned routes. You can see that the routes exclude the specific 10.0.0.252 IP address (which is the MGMT address of the security gateway) from the rest of the routes within the 10.0.0.0/8 prefix.&nbsp;I cannot find any specific configuration for this behavior via SmartConsole, perhaps there might be some parameter I could ajust directly in the DB.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-10-10 215138.png" style="width: 690px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22734i15FCFA8A2FA8BF2D/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2023-10-10 215138.png" alt="Screenshot 2023-10-10 215138.png" /></span></P><P>Best regards,</P><P>Alexandru</P> Tue, 10 Oct 2023 19:01:50 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194706#M4507 AlexandruD 2023-10-10T19:01:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194711#M4508 <P>I dont really see anything specific, below is just referred to dns when people log in via RA.</P> <P>Andy</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22735i5ADF75C0579F3A76/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> Tue, 10 Oct 2023 19:12:21 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194711#M4508 the_rock 2023-10-10T19:12:21Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194728#M4509 <P>Location Awareness enabled, perhaps?</P> Tue, 10 Oct 2023 21:00:22 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/194728#M4509 PhoneBoy 2023-10-10T21:00:22Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/195564#M4510 <P>Hello,</P><P>&nbsp;</P><P>I finally got this working, it took a while for CP support to provide a fix, although a bit complicated for such a simple need:</P><P>- automatic MEP topology must be disabled oin the gateway, based on sk78180 (it already was disabled in my case)</P><P>- disable MEP topology retrieval in the VPN client's configuration, sk92676 (different than the default setting)</P><DIV class="">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-10-18 220607.png" style="width: 677px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22860i2C2CEB90FE44468B/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2023-10-18 220607.png" alt="Screenshot 2023-10-18 220607.png" /></span></P><P>&nbsp;</P><P>Best regards,</P><P>Alexandru</P><P>&nbsp;</P> Wed, 18 Oct 2023 19:19:57 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/195564#M4510 AlexandruD 2023-10-18T19:19:57Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/195565#M4511 <P>Thanks for the update! <span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></P> Wed, 18 Oct 2023 19:32:03 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MGMT-IP-address-not-accessible-via-RA-VPN/m-p/195565#M4511 the_rock 2023-10-18T19:32:03Z