This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AlanDias
Explorer
‎2019-10-08 06:50 AM

Is It possible to connect a host from a VPN site to site to a VPN client IP (R80.20)?

Hi, I have only one VPN cluster - Check Point (80.20).

There are site to site and cliente to site VPNs in this cluster.

Is It possible to connect a host from a VPN site to site to a VPN client?

When the source tries, It drops with message:

"Routing outside encryption domain not enabled for this client"

0 Kudos
4 Replies
mdjmcnally
Advisor
‎2019-10-09 12:33 AM

Have certainly done this in the past where the clients are paid for clients with the OfficeMode.
Had to create a rule allowing the connection from the Internal networks to the OfficeMode Network. That rule does not have any VPN specified.
Any Firewall on the VPN Client needed to allow the connection from the Internal Networks as well.
0 Kudos
mdjmcnally
Advisor
‎2019-10-09 07:31 AM
In response to mdjmcnally

Will also need HubMode enabled on the Gateway that connecting too.

 

Separate Remote Access VPN Encryption Domain

Main Encryption Domain should include the Office Mode Network hence why need to use seperate Encryption Domain for Remote Access.

Site to Site VPN's should make sure that they see the Office Mode as part of the Site to Site VPN.

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-09 01:20 AM

Make sure to setup the VPN topology for remote access including the remote network at the 3rd party. Next to that you need to allow the traffic by a rule.
Also have the 3rd party include the Office mode network in the vpn topology for your end.
Regards, Maarten
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-10-09 07:11 AM

See sk94071: Cannot access Remote VPN client from Internal host for the needed configuration steps !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top