How to configure Star VPN Community with one point connection to internet?

Hello

I have three CP appliances connected via 192.168.20.0/24 network with internet access via 192.168.20.1.

GW-Central:

WAN IP: 192.168.20.70

LAN IP: 10.94.0.100/24

GW-SiteA

WAN IP: 192.168.20.80

LAN IP: 10.0.80.1/24

GW-SiteB

WAN IP: 192.168.20.90

LAN IP: 10.0.80.1/24

I used this document as guide:

How to Set Up a Site-to-Site VPN with Check Point Gateways Managed by the same Management Server

So I have defined:

Local-LAN: 10.94.0.0/24 with NAT to 192.168.20.70

SiteA-LAN: 10.0.80.0/24 with NAT to 192.168.20.70

SiteB-LAN: 10.0.90.0/24 with NAT to 192.168.20.70

In gateway properties I've changed VPN Domain to the defined LAN network.

For GW-Central Local-LAN is selected

For GW-SiteA SiteA-LAN is selected

For GW-SiteB SiteB-LAN is selected

I have created VPN star Community, set GW-Central as Center Gateway, GW-SiteA and GW-SiteB as Satellite Gateways

In VPN Routing I've selected "To center or through center to other satellites, to Internet and other VPN targets"

I've added Access Policy to allow traffic between Sites and Center GW and Sites to Internet

It works almost fine, so:

I have internet access from LAN in both Sites (via Central GW) - checked with traceroute

I have full network visibility between LANs (Site A to Site B, Site B to Central, Site A to central and so on)

I'm unable to synchronize clocks via NTP on Satellite appliances.

From CLI on satellite appliance, I'm unable to ping 8.8.8.8, 192.168.20.1. DNS resolution doesn't work.

However, I'm able to ping Central and other Satellite LAN addresses.

At the same time, I can find a log entry with a dropped packet from SiteA/SiteB to 8.8.8.8 with "Security warning: received a cleartext packet within an encrypted connection."

What am I missing?
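As an added consistency check on the addresses listed in the post above (constructed here, not part of the thread and not Check Point code): it feeds the declared VPN domains and gateway interfaces through Python's ipaddress module, flags any gateway whose LAN address is not inside the VPN domain assigned to it, flags LAN addresses reused across gateways, and shows which addresses fall outside every VPN domain (the WAN addresses, which are the source of gateway-originated traffic such as NTP, DNS and pings from the CLI). Whether a given packet is actually tunnelled depends on the community and routing policy, which this script does not model.

```python
from ipaddress import ip_address, ip_network

# Topology exactly as described in the post (constructed from its text).
VPN_DOMAINS = {
    "Local-LAN": ip_network("10.94.0.0/24"),
    "SiteA-LAN": ip_network("10.0.80.0/24"),
    "SiteB-LAN": ip_network("10.0.90.0/24"),
}
GATEWAYS = {
    "GW-Central": {"wan": "192.168.20.70", "lan": "10.94.0.100", "domain": "Local-LAN"},
    "GW-SiteA":   {"wan": "192.168.20.80", "lan": "10.0.80.1",   "domain": "SiteA-LAN"},
    "GW-SiteB":   {"wan": "192.168.20.90", "lan": "10.0.80.1",   "domain": "SiteB-LAN"},
}


def domain_of(ip):
    """Name of the VPN domain containing ip, or None if no domain covers it."""
    addr = ip_address(ip)
    for name, net in VPN_DOMAINS.items():
        if addr in net:
            return name
    return None


def lan_domain_mismatches(gateways=GATEWAYS):
    """Gateways whose LAN interface address lies outside their own VPN domain."""
    return [name for name, gw in gateways.items()
            if ip_address(gw["lan"]) not in VPN_DOMAINS[gw["domain"]]]


def duplicate_lan_addresses(gateways=GATEWAYS):
    """LAN addresses that appear on more than one gateway -> list of gateways."""
    seen = {}
    for name, gw in gateways.items():
        seen.setdefault(gw["lan"], []).append(name)
    return {ip: names for ip, names in seen.items() if len(names) > 1}


def wan_outside_all_domains(gateways=GATEWAYS):
    """Gateways whose WAN address (source of gateway-originated traffic) is in no VPN domain."""
    return [name for name, gw in gateways.items() if domain_of(gw["wan"]) is None]


if __name__ == "__main__":
    print("LAN IP not inside own VPN domain:", lan_domain_mismatches())
    print("LAN IP reused across gateways:", duplicate_lan_addresses())
    print("WAN IP outside every VPN domain:", wan_outside_all_domains())
```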


Accepted Solutions
Tomasz_Bres
Participant

Tomasz_Bres
Participant

Hello again

One more problem appeared. I'm unable to use the Application Control Blade:

"Update failed. Could not resolve 'secureupdates.checkpoint.com'. Check DNS and Proxy configuration on the gateway."

I'm not using proxy in my environment, and DNS is set to 8.8.8.8

Tomasz_Bres
Participant

Tomer_Sole
Mentor

Let me know if there's anything else that we can do to help.
