This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tropicanaslim
Contributor
‎2023-03-13 11:02 AM

RAVPN Routing Issue

Hi Checkmates,

so currently my cust on cluster mode and  enable RAVPN. but i facing an issue when remote user connect vpn they are cant reach to internal network.

for office mode if we use x.x.x.x/24 do we need to add this segment for routing table on each gateway? or routing for office mode will automatically enable?

since user could connect to vpn i think there is no issue for vpn configuration, or do i need to check something in remote access config?

then, does users when they connect to vpn automatically get full tunnel config by default? or need to config manually for this?

 

Thankyou..

Labels
0 Kudos
2 Replies
the_rock
Legend
Legend
‎2023-03-13 11:09 AM

Yes, you need routing, its not automatic for RA. Also, verify output of route print on the client from cmd.

0 Kudos
girisht
Employee
Employee
‎2023-03-24 04:06 AM

Here are the few things you need to check while configuring the RA VPN:

Configuration:
++ IPSEC blade enabled.
++ GW object --> VPN client --> Office mode:
> Allow Office Mode to all users.
> Select the Manual Office Pool. If cluster then GW object --> Cluster Member --> Edit GW object --> VPN --> Check the Office Manual Office Mode.
++ GW object --> VPN client --> Remote Access --> Check Support Mode.
++ Ensure Gateway is added in the Remote Access community.
++ "All users*" should be allowed under the same Remote Access community.
++ Encryption domains should be defined then only you all access destination resources over RA VPN.

GW object --> Expand Network Management --> VPN domain --> Set specific domain for community --> Remote access and set the Network group.
++ Access which allows traffic from the Office Mode pool towards the destination which you want to access.

Basic T-shoot/Check:
++ Once the user has authenticated check "cmd> route print".
This output should show the destination IP route towards Office Mode IP, which destination IP traffic will go over the VPN towards the gateway.
++ Check Smart console logs for the same connection. It should be allowed on the access rule and under the same you can get an interface where this traffic is handled.
++ Usually you do not need any routing changes but ensure the gateway should be reached destination resources than on RAVPN client can access the resources.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events