This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nemezis_rock
Contributor
‎2024-11-27 02:16 AM
Jump to solution

Remote Access VPN Interface selection

Hi all,

I have two GWs in Cluster.

Here are its external interfaces:
1. Internet - with white IP 8.8.8.8 (for example purposes);
2. Private network - with IP 10.10.10.10 (for example purposes).

At the moment the 2nd network's topology setted up as Internal. When I change topology to External, remote users starts connect to those External interfaces with private addresses.

VPN clients connect to domain myvpn.mydomain.com - its IP adress is 8.8.8.8, and client application CP Endpoint Security shows:

Site: myvpn.mydomain.com
IP Address: 10.10.10.10 (instead of 8.8.8.8)
And fails to connect to that private address.

IP Selection by Remote Peer setted up as Calculate IP based on topology.

Can anyone help with that?
Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority
‎2024-11-27 05:10 AM
Jump to solution

@nemezis_rock You can configure link selection for remote access independent from site2site VPN via sk32229 - Configuring VPN Link Selection for Remote Access client

View solution in original post

9 Replies
G_W_Albrecht
Legend Legend
Legend
‎2024-11-27 02:49 AM
Jump to solution

Why would you set topology to external if it is not external and not facing the internet?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nemezis_rock
Contributor
‎2024-11-27 02:57 AM
In response to G_W_Albrecht
Jump to solution

Because it is actually an External network - L2 VPN. It is not local network but network between group of organizations.

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-11-27 03:02 AM
In response to nemezis_rock
Jump to solution

Have you try to use "link selection" here:

link.png

----------------
\m/_(>_<)_\m/
0 Kudos
nemezis_rock
Contributor
‎2024-11-27 03:17 AM
In response to AkosBakos
Jump to solution

Will this affect on all IPSec tunnels or only for RA VPN users?

0 Kudos
nemezis_rock
Contributor
‎2024-11-27 03:00 AM
In response to G_W_Albrecht
Jump to solution

I have some IPSec tunnels in that private external network. And also have Remote access community for VPN from internet.

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-11-27 03:24 AM
In response to nemezis_rock
Jump to solution

Yes, so be careful.

What is set here?

----------------
\m/_(>_<)_\m/
0 Kudos
nemezis_rock
Contributor
‎2024-11-27 03:48 AM
In response to AkosBakos
Jump to solution

IP Selection by Remote Peer setted up as Calculate IP based on topology.

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-11-27 04:47 AM
In response to nemezis_rock
Jump to solution

Better open SR# with CP TAC for this configuration !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Wolfgang
Authority
Authority
‎2024-11-27 05:10 AM
Jump to solution

@nemezis_rock You can configure link selection for remote access independent from site2site VPN via sk32229 - Configuring VPN Link Selection for Remote Access client

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top