Ricardo_Gros
Collaborator

Endpoint VPN Location Awareness

Hi,

 

We have stumbled upon a small issue and we would like your opinion on a possible solution.

So we have a client behind a site-to-site tunnel. The client has Location Awareness active and is always building the VPN directly to its VPN gateway. As the connection goes over the external link, it is always detected as Outside.

How do we make the client understand that it is actually internal and should use the site-to-site tunnel and does not need to build up the client VPN?

The options Domain Controller and Network Group are not acceptable: the first does not work as intended and the second could lead to other issues. Are there any quick solutions for this?


0 Kudos

Accepted Solutions
David_Ulloa
Contributor

Ricardo,

I had a similar issue, this is what worked for me.

We created a network group that we called "Public Networks", and then we created individual networks that would encompass our external public dedicated networks and associated them with the previous group.

Then we configured the network location awareness, telling the gateway that every time a user tried connecting from the previously created group they should be considered internal and kicked out.

This worked like a charm and it was the easiest solution ever.

 

Hope this helps

@DrVavin

 

 


0 Kudos
5 Replies
PhoneBoy
Admin
Please explain the statements you made in your last paragraph.
0 Kudos
Ricardo_Gros
Collaborator

The option Domain controller and Network Group is not acceptable:

If we enable this it does not work smoothly because the Domain Controller is accessible over the Client VPN.


Explicitly configuring the network can lead to the situation where, at a non-trusted location with the same addressing, the client thinks it is internal.

 

We are investigating whether adding the local networks behind the remote site to the encryption domain solves this issue.

 

 

 

0 Kudos
ksparke
Explorer
Hi Ricardo,
How did you solve this issue with the location awareness? We have the same setup, and would be very interested in your solution. Thanks
Kim
0 Kudos
Dominik_L
Explorer

Is there any solution to this problem?

 

Regards

