This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Digo11
Contributor
‎2023-04-04 02:50 AM
Jump to solution

Remote Access VPN using external interface Public IP

Hello Experts,

Good day to everyone.

I have a standalone 6600 security gateway managed by Smart-1 410 appliance. I have a private Mgmt IP (Gateway Object) 192.168.10.10 and External Interface is configured with a public IP 202.44.145.55. I have some web servers inside the Checkpoint and everything works fine as of now.

Checkpoint R81.10 Take 87
Valid license for Mobile Access and IPsec VPN

Default Route: 202.44.145.57

I have also configured remote access VPN by enabling IPsec VPN and Mobile Access blade. Somehow, when I try to initiate the traffic using public IP 202.44.145.55 from the endpoint security client, I get the following error.

Site creation failed
Failed to create the new site
Reason: Site is not responding

I followed SK 128652 but had no luck. I want to use my external IP 202.44.145.55 for remote access VPN.
Please guide me if any step or configuration is missing here

Thanks,
Digo.

Preview file
50 KB
Preview file
65 KB
Preview file
19 KB
Preview file
47 KB
0 Kudos
1 Solution

Accepted Solutions
Digo11
Contributor
‎2023-04-18 08:23 AM
In response to AleLovaz82
Jump to solution

Hello Experts. 

Sorry for my absence on this thread. @AleLovaz82  Yes I checked with your suggestions but no luck.

I missed providing one crucial piece of information initially. 

I was using a /31 public IP for P2P connectivity to an upstream router. As per TAC,  /31 has limitations so had to make it /30 and everything is working smoothly now.

 

Thank you, everyone.

Cheers!!

Digo.

View solution in original post

0 Kudos
8 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-04-04 02:59 AM
Jump to solution

Has the platform portal url/port been changed from default for access to the GAiA webui?

Also make sure there are no conflicting NAT rules.

CCSM R77/R80/ELITE
0 Kudos
Digo11
Contributor
‎2023-04-04 03:05 AM
In response to Chris_Atkinson
Jump to solution

Hi @Chris_Atkinson,

No, haven't done that yet. I can still access GAIA webui on HTTPS/443. Also, there's no NAT/DNAT rule for 202.44.145.55.

If I change the default GAIA WEBUI from 443 to something like 4434. will it work? Any other changes apart from this?

Thanks,

Digo.

0 Kudos
_Val_
Admin
Admin
‎2023-04-04 03:02 AM
Jump to solution

Also check sk113558

0 Kudos
Machine_Head
Advisor
Advisor
‎2023-04-04 03:16 AM
Jump to solution

Is the link selection box empty?

Or removed from the picture?
Try adding your public interface there

0 Kudos
Digo11
Contributor
‎2023-04-04 04:11 AM
In response to Machine_Head
Jump to solution

Hi, @Machine_Head I have included my external interface public IP in the link selection.

0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2023-04-04 04:24 AM
Jump to solution

have you done a tcpdump or fwmonitor on the vpn gateway filtering the client public ip ?
is there any answer?
have you disabled the implicit rules that allow client to connect to the gateway?
have you enabled endpoint security client as allowed client?
have you tried using ssl portal and ssl extender instead of a "full" client?

0 Kudos
Digo11
Contributor
‎2023-04-18 08:23 AM
In response to AleLovaz82
Jump to solution

Hello Experts. 

Sorry for my absence on this thread. @AleLovaz82  Yes I checked with your suggestions but no luck.

I missed providing one crucial piece of information initially. 

I was using a /31 public IP for P2P connectivity to an upstream router. As per TAC,  /31 has limitations so had to make it /30 and everything is working smoothly now.

 

Thank you, everyone.

Cheers!!

Digo.

0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2023-05-30 08:54 AM
In response to Digo11
Jump to solution

good to know! 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events