topic Re: No connection to a VPN remote access user. in SASE and Remote Access

No connection to a VPN remote access user.

Matlu — Fri, 06 Oct 2023 13:00:17 GMT

Hello, everyone.

I have a VPN user that connects through Endpoint Security VPN, which successfully logs in to the VPN (Remote Access), but once connected, he has no connectivity to the IP that is declared in the security rule (10.100.10.10).

In the logs, there are no drops packets from this user, on the contrary, everything is allowed.

In these RA VPN scenarios, is it convenient to do a traffic "trace", using TCPDUMP? Or is it better to use a FW Monitor?

Could you share with me a syntax of the FW Monitor command, for this type of scenario?

Thanks for your comments.

Re: No connection to a VPN remote access user.

PhoneBoy — Fri, 06 Oct 2023 17:34:50 GMT

I'd start with a simple tcpdump from the gateway itself (using destination IP of the system in question).
If the traffic doesn't leave the gateway, you might try fw monitor using the -F option with the specific IPs (Office Mode IP of user and destination server).
For example (to see all traffic to 10.100.10.10 on port 443 from Office Mode IP 172.22.0.1): fw monitor -F "172.22.0.1,0,10.100.10.10,443,6" -F "10.100.10.10,443,172.22.0.1,0.6"
More information on fw monitor: https://support.checkpoint.com/results/sk/sk30583

From there, you might need to debug further.

Re: No connection to a VPN remote access user.

the_rock — Sun, 08 Oct 2023 21:30:11 GMT

Maybe just start with the logs check and see what you get. After, run what Phoneboy suggested.

Andy