This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Saranya_0305
Collaborator
‎2025-06-09 11:22 PM
Jump to solution

Remote Access VPN_LAB

Dear Team,
 
I am doing a Remote Access VPN lab in my PC using VMware workstation.
 
The below is the labset up details.
 
Enivronment: Distributed 
 
192.168.201.0/24(Host-only)
192.168.26.0/24 (NAT)
Default Gateway :192.168.26.2/24
 
Management:
eth0- 192.168.201.60/24 (Internal)
eth1- 192.168.26.70/24 (External)
 
FW:
eth0- 192.168.201.70/24 (Internal)
eth4- 192.168.26.80/24 (External)
 
 
Windows Machine which is behind the Firewall configured as Windows IIS.
 
IP: 192.168.201.24/24
 
Remote Client :
 
IP: 192.168.42.20/24(ethernet)
      192.168.26.26/24
 
I configured the VPN Domain as Internal network and created a rule for access the Internal Network from the VPN users.
 
I successfully installed the VPN client and client shows connected in Remote client.
 
But when I try to ping to the Firewall from the Remote client, I am unable to ping and also unable access Windows IIS.
 
Can you please help me where I go wrong.
 
For reference please find the attached screenshots.
 
Regards,
Saranya
Preview file
42 KB
Preview file
80 KB
Preview file
116 KB
Preview file
112 KB
Preview file
135 KB
Preview file
160 KB
Preview file
175 KB
0 Kudos
2 Solutions

Accepted Solutions
Saranya_0305
Collaborator
‎2025-06-12 05:32 AM
In response to the_rock
Jump to solution

Hi @the_rock ,

Sorry for delay. I am stuck with different issue.

Anyway , the VPN is working after adding routes.🙂

But I have not get the clear picture of how Remote Access VPN configuration and working procedure😣.

Can you please suggest any Training Video any other useful resource🙂?.

 

Regards,

Saranya

View solution in original post

the_rock
MVP Gold
MVP Gold
‎2025-06-12 05:37 AM
In response to Saranya_0305
Jump to solution

Yes...unlike regular VPN tunnel, for RA, you need to add routes via web UI or clish, so fw knows where to route the traffic when users connect. Below is good video.

https://www.youtube.com/watch?v=AmdNOA8xtoU

Another good reference:

https://community.checkpoint.com/t5/Check-Point-for-Beginners/Remote-Access-VPN-Configuration-for-De...

Andy

View solution in original post

0 Kudos
6 Replies
Lesley
MVP Gold
MVP Gold
‎2025-06-10 08:17 AM
Jump to solution

It is not always a good test to ping the internal fw ip. Instead try to ping or access: IP: 192.168.201.24/24 that is behind the firewall. Do this test from the VPN client. If you done the test I would expect log entry, allow / drop encryption / decryption etc. 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-06-10 08:31 AM
Jump to solution

See if you are getting right routes on the client by running route print from cmd.

Andy

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-06-10 08:44 AM
Jump to solution

Also, one easy way to troubleshoot this is to run zdebug and grep for IP you are testing. Saty IP you are trying to access was 10.10.10.10, you would run:

fw ctl zdebug + drop | grep 10.10.10.10

Andy

the_rock
MVP Gold
MVP Gold
‎2025-06-11 11:40 AM
Jump to solution

Hey @Saranya_0305 

Were you able to figure this out?

Andy

0 Kudos
Saranya_0305
Collaborator
‎2025-06-12 05:32 AM
In response to the_rock
Jump to solution

Hi @the_rock ,

Sorry for delay. I am stuck with different issue.

Anyway , the VPN is working after adding routes.🙂

But I have not get the clear picture of how Remote Access VPN configuration and working procedure😣.

Can you please suggest any Training Video any other useful resource🙂?.

 

Regards,

Saranya

the_rock
MVP Gold
MVP Gold
‎2025-06-12 05:37 AM
In response to Saranya_0305
Jump to solution

Yes...unlike regular VPN tunnel, for RA, you need to add routes via web UI or clish, so fw knows where to route the traffic when users connect. Below is good video.

https://www.youtube.com/watch?v=AmdNOA8xtoU

Another good reference:

https://community.checkpoint.com/t5/Check-Point-for-Beginners/Remote-Access-VPN-Configuration-for-De...

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events