Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sys_Admin1
Participant

Guest network and mobile access on same public IP

Hello,

This configuration is set on R80.10 version. 

I have a guest access with NAT IP public, this access is for web access with some limitations.

But somes times, internal users as don't have access to internal network , use this guest access to connect to VPN ( this VPN is a mobile access and configured with the same public IP of guest access ), but not works. 

Checking logs I see that all traffiic is drop because anti-spoofing protection. 

Do you know it's possible to make this configuration without disable anti-spoofing protection  ? 

Thanks in advance, 

Marco 

4 Replies
PhoneBoy
Admin
Admin

A few more details are needed here.

  • Is your guest network included as part of the Encryption Domain (Gateway object > Network Management > VPN Domain)
    • If you're using All IPs Behind Gateway, then it is and you should use an explicit domain definite that excludes this network.
  • A screenshot of the anti-spoofing message would be exceptionally helpful along with related topology information
0 Kudos
sys_Admin1
Participant

Hi, 

Network guest is not part of encryption domain and for mobile access I using a specific domain and not include the guest network.

This is the message with drop packets. 

Thanks,

Marco 

0 Kudos
PhoneBoy
Admin
Admin

Need to see the entire log card, not just the message.

Also need to understand the topology.

0 Kudos
sys_Admin1
Participant

Hi,

Thanks for your help. 

I solved my issue with sk44075. Apply solution for Cause 2: Office Mode IP Pool is part of the VPN Encryption Domain

Thanks,

Marco 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events