Endpoint Vpn Location awareness
Hi,
We have stumbled upon a small issue and we would like your opinion on a possible solution.
So we have a client behind a site 2 site tunnel. The client has Location awareness active and is always building the VPN directly to its VPN gateway; as the connection goes over the external link, it is always detected as Outside.
How do we make the Client understand that he is actually internal and should use the Site 2 site tunnel and does not need to build up the client VPN?
The option Domain controller and Network Group is not acceptable: the first does not work as intended and the second could lead to other issues. Are there any quick solutions for this?
Accepted Solutions
Ricardo,
I had a similar issue; this is what worked for me.
We created a network group that we called "Public Networks" and then we created individual networks that would encompass our external public dedicated networks and associated them to the previous group.
Then we configured the network location awareness telling the gateway that every time a user tried connecting from the previously created group they should be considered internal and kicked them out.
This worked like a charm and it was the easiest solution ever.
Hope this helps
@DrVavin
The option Domain controller and Network Group is not acceptable:
If we enable this it does not work smoothly because the Domain Controller is accessible over the Client VPN.
Explicitly configuring the Network can lead to the situation where, at a non-trusted location with the same addressing, the client thinks he is internal.
We are investigating if adding the Local networks behind remote site to the encryption domain solves this issue.
How did you solve this issue with the location awareness? We have the same setup, and would be very interested in your solution. Thanks
Kim
Is there any solution to this problem?
Regards