Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AlanDias
Explorer

Is It possible to connect a host from a VPN site to site to a VPN client IP (R80.20)?

Hi, I have only one VPN cluster - Check Point (80.20).

There are site to site and cliente to site VPNs in this cluster.

Is It possible to connect a host from a VPN site to site to a VPN client?

When the source tries, It drops with message:

"Routing outside encryption domain not enabled for this client"

0 Kudos
4 Replies
mdjmcnally
Advisor

Have certainly done this in the past where the clients are paid for clients with the OfficeMode.
Had to create a rule allowing the connection from the Internal networks to the OfficeMode Network. That rule does not have any VPN specified.
Any Firewall on the VPN Client needed to allow the connection from the Internal Networks as well.
0 Kudos
mdjmcnally
Advisor

Will also need HubMode enabled on the Gateway that connecting too.

 

Separate Remote Access VPN Encryption Domain

Main Encryption Domain should include the Office Mode Network hence why need to use seperate Encryption Domain for Remote Access.

Site to Site VPN's should make sure that they see the Office Mode as part of the Site to Site VPN.

 

0 Kudos
Maarten_Sjouw
Champion
Champion

Make sure to setup the VPN topology for remote access including the remote network at the 3rd party. Next to that you need to allow the traffic by a rule.
Also have the 3rd party include the Office mode network in the vpn topology for your end.
Regards, Maarten
0 Kudos
G_W_Albrecht
Legend Legend
Legend

See sk94071: Cannot access Remote VPN client from Internal host for the needed configuration steps !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events