
Save Backupfile to Unix Server through VPN Connection

Hi Checkmates,

I want to configure an automatic backup job on the Security Gateway (Check Point Appliance 3100).

The destination is a central Unix server in the headquarters, reached by SCP through the VPN connection configured on this Security Gateway.

The Security Gateway has several interfaces, including one interface to the Internet with a static public IP address. This public IP address is also the MGMT IP of the Security Gateway.

The destination backup server has a private IP address and is only reachable over the VPN connection.

If I start the backup job, the backup is not successful.

BackupJob.png

If I check the connections on the backup server at the same time, I see that the gateway comes with the public IP, and maybe this is the problem.

UnixConnection.png

My question is how to configure the backup job so that the Security Gateway uses another source IP (its private IP, not the public MGMT IP address).

0 Kudos
5 Replies
Admin

Re: Save Backupfile to Unix Server through VPN Connection

Don't believe that's possible.
Is the remote end of the VPN under your control?
The public IP of the gateway should be part of the encryption domain.
0 Kudos

Re: Save Backupfile to Unix Server through VPN Connection

Yes, the remote end of the VPN is under my control.
The public IP of the gateway is not part of the encryption domain.
0 Kudos

Re: Save Backupfile to Unix Server through VPN Connection

The public IP of the gateway is not part of the encryption domain - then how should the VPN work for this traffic? Why not use the local IP instead?

0 Kudos

Re: Save Backupfile to Unix Server through VPN Connection

I don't know why… Maybe the destination IP is the private IP...
Hmm… does anyone else have an idea?
0 Kudos
Employee+

Re: Save Backupfile to Unix Server through VPN Connection

OpenSSH has the capability to specify the IP address used when transferring scp/sftp.

Since you have CLI access to the appliance, try running it manually to see if it will connect when using the BindAddress option.

scp -o BindAddress=10.10.10.1 /home/admin/filename user@2.2.2.2:/directory/filename

If that works, then it is possible to add configuration options in /etc/ssh/ssh_config to force the gateway to use the internal interface IP address for SCP for the specific IP destination.

0 Kudos
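One way to check the per-destination stanza suggested in the last reply before merging it into /etc/ssh/ssh_config, as an added example that is not part of the original thread. It assumes an OpenSSH client that supports `ssh -G` (6.8 or later); the addresses are the placeholders from the scp command above, and 192.0.2.10 is a constructed unrelated host.

```shell
#!/bin/sh
# Added example: addresses are the placeholders used in the scp command above.
BACKUP_SERVER="2.2.2.2"     # backup destination
INTERNAL_IP="10.10.10.1"    # gateway's internal interface address

# Write the candidate Host stanza to the given file (a scratch file here,
# not /etc/ssh/ssh_config, so it can be reviewed before being merged).
write_candidate_config() {
    cat > "$1" <<EOF
# Use the internal interface as source address for the backup server only
Host $BACKUP_SERVER
    BindAddress $INTERNAL_IP
EOF
}

# Print the BindAddress the client would use for a destination, or nothing
# if none is set. ssh -G evaluates the configuration without connecting.
resolved_bind_address() {
    ssh -G -F "$1" "$2" 2>/dev/null | awk '$1 == "bindaddress" { print $2 }'
}

# Succeeds only if the stanza applies to the backup server and to nothing else.
check_candidate_config() {
    cfg=$(mktemp) || return 2
    write_candidate_config "$cfg"
    for_backup=$(resolved_bind_address "$cfg" "user@$BACKUP_SERVER")
    for_other=$(resolved_bind_address "$cfg" "user@192.0.2.10")  # constructed unrelated host
    rm -f "$cfg"
    [ "$for_backup" = "$INTERNAL_IP" ] && [ -z "$for_other" ]
}

if check_candidate_config; then
    echo "OK: BindAddress applies to $BACKUP_SERVER only"
else
    echo "FAIL: stanza not applied as expected (or ssh -G unsupported)" >&2
fi
```

Scoping the option to a `Host` block keeps every other outbound SSH/SCP connection from the gateway on its default source address.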