David_Won
Nickel

End users can't access local network when VPN connected to us.

We have overlapping IP ranges between a supplier and us. Once they connect to us they can no longer access their printers etc.

Client is running Endpoint Security E80.81. Firewalls are running R77.30.

Connection Details

User Name: RXXXX
IP: 69.159.XXX.XX
VPN Gateway: hfpXna_gateway_cluster
Client Type: Other
Connect Time: 1:50:59 PM 9/11/2018
SCV State: Unknown
Version:
Operating System:
Build Number:
Last SCV Fail Reason:
Internal IP: 192.168.245.160
Authentication Method: XAUTH
Encryption Algorithm: ESP3DES
Visitor Mode: False
Route traffic: False
UDP Encapsulation: NATT
Office Mode: True

Any ideas on how to work around this? Way back in the past we fixed this by making a batch file that the user could run to change their routes to point the conflicting 10 network to their local gateway.

Anybody know of a better way to handle this?

0 Kudos
1 Solution

Accepted Solutions
Admin
Admin

Re: End users can't access local network when VPN connected to us.

Short of changing your own encryption domain to exclude the relevant IP addresses, you're pretty much limited to the batch script.

Years ago, I wrote my own script for this, documented in this thread: https://community.checkpoint.com/thread/5919-route-vpn-client-remote-access-to-lan 

3 Replies
Jason_Dance
Copper

Re: End users can't access local network when VPN connected to us.

Can you try to exclude the IP addresses of their printers from your Remote Access VPN Domain object? If you have a network subnet defined on your gateway properties, then you might want to switch to a group containing network subnets/IP address ranges instead.

0 Kudos
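
Excluding addresses from the VPN domain, as suggested in the reply above, means replacing one subnet object with a group of smaller networks that together cover everything except the excluded hosts. The sketch below is an added example (not from the thread or from Check Point) that computes that group with Python's `ipaddress` module; the 10.0.0.0/8 domain, the supplier LAN and the printer addresses are constructed sample values, and IPv4 is assumed.

```python
import ipaddress

def overlapping(domain, local_lan):
    """Networks in the VPN domain that collide with the client's local LAN."""
    lan = ipaddress.ip_network(local_lan)
    return [n for n in map(ipaddress.ip_network, domain) if n.overlaps(lan)]

def carve_out(domain, exclusions):
    """Networks covering `domain` minus every excluded host or subnet (IPv4 only)."""
    remaining = [ipaddress.ip_network(n) for n in domain]
    for ex in map(ipaddress.ip_network, exclusions):
        kept = []
        for net in remaining:
            if net.subnet_of(ex):
                continue                              # whole network is excluded
            if ex.subnet_of(net):
                kept.extend(net.address_exclude(ex))  # split around the hole
            else:
                kept.append(net)                      # not affected
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

# Constructed sample values, not taken from the thread
VPN_DOMAIN = ["10.0.0.0/8"]
SUPPLIER_LAN = "10.1.20.0/24"
PRINTERS = ["10.1.20.50/32", "10.1.20.51/32"]

if __name__ == "__main__":
    print("Colliding domain entries:", overlapping(VPN_DOMAIN, SUPPLIER_LAN))
    group = carve_out(VPN_DOMAIN, PRINTERS)
    print(f"{len(group)} networks needed in the replacement group:")
    for net in group:
        print(" ", net)
```

Excluding only the two printers already turns one /8 object into 23 group members, which is why the exclusion list should stay short and well documented.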
Re: End users can't access local network when VPN connected to us.

Preferably redesign your network in such a way that you only need public IPs for VPN purposes.

That is the only way to avoid overlaps.

Doing some creative NATting might be a workaround.

0 Kudos