Josef_Maier
Participant

Save Backupfile to Unix Server through VPN Connection

Hi Checkmates,

I want to configure an automatic backup job on the Security Gateway (Check Point Appliance 3100).

The destination is a central Unix server in the headquarters, reached by SCP through the VPN connection configured on this Security Gateway.

The Security Gateway has several interfaces, including one interface to the Internet with a static public IP address. This public IP address is also the MGMT IP of the Security Gateway.

The destination backup server has a private IP address and is only reachable over the VPN connection.

If I start the backup job, the backup is not successful.

 

BackupJob.png

If I check the connections on the backup server at the same time, I see that the gateway comes with the public IP, and maybe this is the problem.

 

UnixConnection.png

My question is how to configure the backup job so that the Security Gateway uses another source IP (its private IP, not the public MGMT IP address).

 

5 Replies
PhoneBoy
Admin

Don't believe that's possible.
Is the remote end of the VPN under your control?
The public IP of the gateway should be part of the encryption domain.
Josef_Maier
Participant

Yes, the remote end of the VPN is under my control.
The public IP of the gateway is not part of the encryption domain.
G_W_Albrecht
Legend

The public IP of the gateway is not part of the encryption domain - then how should the VPN work for this traffic? Why not use the local IP instead?

CCSE CCTE CCSM SMB Specialist
Josef_Maier
Participant

I don't know why… Maybe the destination IP is the private IP...
Hmm… does anyone else have an idea?
masher
Employee

OpenSSH has the capability to specify the IP address used when transferring scp/sftp.

Since you have CLI access to the appliance, try running it manually to see if it will connect when using the BindAddress option.

 

scp -o BindAddress=10.10.10.1 /home/admin/filename user@2.2.2.2:/directory/filename

 

If that works, then it is possible to add configuration options in /etc/ssh/ssh_config to force the gateway to use the internal interface IP address for SCP for the specific IP destination.


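The ssh_config approach from masher's reply, as an added example that is not part of the original thread and is not Check Point's own configuration: a Host block that applies BindAddress only to the backup server, checked with `ssh -G`, which evaluates the configuration without opening a connection. It reuses the thread's placeholder addresses 10.10.10.1 and 2.2.2.2; the function names, the temporary file, the test address 192.0.2.50, and the assumption that the gateway's OpenSSH supports `-G` (6.8 or later) are not from the thread.

```shell
#!/bin/sh
# Added example with constructed values. 10.10.10.1 (gateway internal IP) and
# 2.2.2.2 (backup server) are the placeholder addresses used in the thread.

# Write a per-destination Host block to the file named in $1.
# On the gateway this block would be appended to /etc/ssh/ssh_config instead.
write_backup_host_block() {
    cat > "$1" <<'EOF'
# Only connections to the backup server use the internal source address.
Host 2.2.2.2
    BindAddress 10.10.10.1
EOF
}

# Print the BindAddress ssh would use for host $2 under config file $1.
# "ssh -G" only evaluates the configuration; nothing is sent on the network.
effective_bind() {
    ssh -G -F "$1" "$2" 2>/dev/null | awk '$1 == "bindaddress" { print $2 }'
}

# Succeed only if the override applies to the backup server and to no other
# destination (192.0.2.50 is a constructed, unrelated test address).
check_scoping() {
    [ "$(effective_bind "$1" 2.2.2.2)" = "10.10.10.1" ] || return 1
    [ -z "$(effective_bind "$1" 192.0.2.50)" ] || return 1
}

# Stand-alone run: build the block in a temporary file and report the result.
cfg=$(mktemp)
write_backup_host_block "$cfg"
if check_scoping "$cfg"; then
    echo "OK: BindAddress 10.10.10.1 applies to 2.2.2.2 only"
else
    echo "Not verified: ssh missing, no -G support, or override not scoped"
fi
rm -f "$cfg"
```

scp picks this up because it runs ssh underneath; whether the gateway's scheduled backup job reads /etc/ssh/ssh_config is not confirmed in the thread, so test with a manual scp first.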