cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Ivory

Is It possible to connect a host from a VPN site to site to a VPN client IP (R80.20)?

Hi, I have only one VPN cluster - Check Point (80.20).

There are site to site and cliente to site VPNs in this cluster.

Is It possible to connect a host from a VPN site to site to a VPN client?

When the source tries, It drops with message:

"Routing outside encryption domain not enabled for this client"

0 Kudos
4 Replies
Highlighted
Silver

Re: Is It possible to connect a host from a VPN site to site to a VPN client IP (R80.20)?

Have certainly done this in the past where the clients are paid for clients with the OfficeMode.
Had to create a rule allowing the connection from the Internal networks to the OfficeMode Network. That rule does not have any VPN specified.
Any Firewall on the VPN Client needed to allow the connection from the Internal Networks as well.
0 Kudos
Highlighted
Silver

Re: Is It possible to connect a host from a VPN site to site to a VPN client IP (R80.20)?

Will also need HubMode enabled on the Gateway that connecting too.

 

Separate Remote Access VPN Encryption Domain

Main Encryption Domain should include the Office Mode Network hence why need to use seperate Encryption Domain for Remote Access.

Site to Site VPN's should make sure that they see the Office Mode as part of the Site to Site VPN.

 

0 Kudos
Highlighted

Re: Is It possible to connect a host from a VPN site to site to a VPN client IP (R80.20)?

Make sure to setup the VPN topology for remote access including the remote network at the 3rd party. Next to that you need to allow the traffic by a rule.
Also have the 3rd party include the Office mode network in the vpn topology for your end.
Regards, Maarten
0 Kudos
Highlighted

Re: Is It possible to connect a host from a VPN site to site to a VPN client IP (R80.20)?

See sk94071: Cannot access Remote VPN client from Internal host for the needed configuration steps !

0 Kudos