No connection to a VPN remote access user.

Matlu · ‎2023-10-06

Hello, everyone.

I have a VPN user that connects through Endpoint Security VPN, which successfully logs in to the VPN (Remote Access), but once connected, he has no connectivity to the IP that is declared in the security rule (10.100.10.10).

In the logs, there are no drops packets from this user, on the contrary, everything is allowed.

In these RA VPN scenarios, is it convenient to do a traffic "trace", using TCPDUMP? Or is it better to use a FW Monitor?

Could you share with me a syntax of the FW Monitor command, for this type of scenario?

Thanks for your comments.

PhoneBoy · ‎2023-10-06

I'd start with a simple tcpdump from the gateway itself (using destination IP of the system in question).
If the traffic doesn't leave the gateway, you might try fw monitor using the -F option with the specific IPs (Office Mode IP of user and destination server).
For example (to see all traffic to 10.100.10.10 on port 443 from Office Mode IP 172.22.0.1): fw monitor -F "172.22.0.1,0,10.100.10.10,443,6" -F "10.100.10.10,443,172.22.0.1,0.6"
More information on fw monitor: https://support.checkpoint.com/results/sk/sk30583

From there, you might need to debug further.

the_rock · ‎2023-10-08

Maybe just start with the logs check and see what you get. After, run what Phoneboy suggested.

Andy

Are you a member of CheckMates?

No connection to a VPN remote access user.