Karan0587
Explorer

Remote Access Link Selection - Statically NATed IP

Hi,

I need a suggestion on the below.

The customer has bought a range of IP addresses from the ISP and wants to use one of the IP addresses for Check Point remote access VPN.

I believe we can use that IP address as the Statically NATed IP in Link Selection (attached image).

Can anybody suggest what configuration is required from a policy perspective?

 

 

Regards

Karan

0 Kudos
4 Replies
PhoneBoy
Admin

Beyond this configuration in Link Selection, you should not need to do anything unusual to accept the traffic.
It will be allowed by implied rules.

0 Kudos
Karan0587
Explorer

Thanks for the reply.

I thought so as well, but it does not connect and goes through the cleanup rule.

I have to create an access policy rule to allow VPN for that IP, isn't it?

0 Kudos
the_rock
Mentor

Not necessarily that IP, but the object itself. So, you can make a bi-directional rule for the subnets involved (local and remote) and then, under the VPN column, just select that community, the services you need, and accept. If traffic fails on the cleanup rule, there is no doubt that a rule to allow it does not exist in the policy. The exception could be if you have layers: then it could be matching a parent layer rule and then being dropped on the explicit layer cleanup rule, rather than the implicit one, which would always be the last rule in the rulebase.

0 Kudos
the_rock
Mentor

As PhoneBoy said, the config is fine, but as far as policy goes, just make sure that VPN traffic is allowed as usual. Other than that, you should be good to go.

0 Kudos