Contributor

MEP, Remote Access and S2S

We had tested VPN routing from Remote Access to S2S VPN. In HO we have four firewalls for Remote Access VPN and all four are in MEP. All the firewalls are managed by a single Management.

When tested, MEP is not allowing the Remote Access VPN to go to S2S because of overlapping. We just removed S2S Peer gateway from Remote Access community and everything is working fine as normal. But the problem here is there are users who will be connecting to the Peer gateway directly through Remote Access.

We need MEP and Remote Access VPN for the Peer gateway simultaneously.

Is there any roadmap for multiple Remote Access communities?

0 Kudos
4 Replies
Admin

Not clear how multiple Remote Access encryption domains would solve the issue you're describing.
In any case, Secondary Connect will permit the client to directly connect to the gateway where resources will be accessed from.
That's probably what you want to do here.
Refer to: http://downloads.checkpoint.com/dc/download.htm?ID=60345
0 Kudos
Contributor

Hi,

Thank you for your reply.

As I mentioned in the previous loop, we had removed the Peer Gateway from the Remote Access Community to make Remote Access Client connections to peer gateways through the HO Firewall S2S VPN work, because of MEP overlapping. Multiple HO Firewalls are in MEP. Now the peer gateway is not in the Remote Access Community. User needs to access Remote Access direct to the peer gateway's encryption domain.

0 Kudos
Admin

A diagram with exactly how you want the traffic to flow in this case would be helpful along with an explanation of the encryption domains in question.

Note that MEP should work if one site has an encryption domain that is a "proper subset" of the other (i.e. Site A's encryption domain is completely contained in Site B's encryption domain with no unique elements not included in Site B's encryption domain).
0 Kudos
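
The "proper subset" condition in the reply above can be checked offline before changing community membership. This is an added example, not part of the thread and not Check Point code; it only models the set relation between two encryption domains given as IPv4 CIDR lists, and the sample domains are constructed.

```python
from ipaddress import ip_network, collapse_addresses

def normalize(cidrs):
    """Parse CIDR strings and merge adjacent/nested networks (IPv4 only here)."""
    return list(collapse_addresses(ip_network(c) for c in cidrs))

def subtract(a, b):
    """Networks covering the addresses that are in domain a but not in domain b."""
    remaining = list(a)
    for net_b in b:
        kept = []
        for net_a in remaining:
            if not net_a.overlaps(net_b):
                kept.append(net_a)                         # untouched by net_b
            elif not net_a.subnet_of(net_b):
                kept.extend(net_a.address_exclude(net_b))  # net_b sits inside net_a
            # else: net_a lies fully inside net_b and is dropped
        remaining = kept
    return list(collapse_addresses(remaining))

def relation(dom_a, dom_b):
    """Classify two encryption domains and return what is unique to each side."""
    a, b = normalize(dom_a), normalize(dom_b)
    only_a, only_b = subtract(a, b), subtract(b, a)
    if not any(x.overlaps(y) for x in a for y in b):
        kind = "disjoint"
    elif not only_a and not only_b:
        kind = "equal"
    elif not only_a:
        kind = "a_proper_subset_of_b"
    elif not only_b:
        kind = "b_proper_subset_of_a"
    else:
        kind = "partial_overlap"
    return kind, only_a, only_b

# Constructed sample domains (not taken from the thread).
HO_MEP = ["10.0.0.0/8", "192.168.10.0/24"]
PEER_NESTED = ["10.20.0.0/16"]
PEER_MIXED = ["10.20.0.0/16", "172.16.5.0/24"]

if __name__ == "__main__":
    for name, peer in (("nested", PEER_NESTED), ("mixed", PEER_MIXED)):
        kind, only_peer, _ = relation(peer, HO_MEP)
        print(name, kind, "unique to peer:", [str(n) for n in only_peer])
```

A `partial_overlap` result lists the networks unique to each side, which are the "unique elements" the reply says must not exist for the subset case.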
Contributor

Hello,

The Peer gateway is not part of MEP. I had attached the screenshot for your quick reference. Please check.

0 Kudos