Digo11
Contributor

Remote Access VPN using external interface Public IP

Hello Experts,

Good day to everyone.

I have a standalone 6600 security gateway managed by Smart-1 410 appliance. I have a private Mgmt IP (Gateway Object) 192.168.10.10 and External Interface is configured with a public IP 202.44.145.55. I have some web servers inside the Checkpoint and everything works fine as of now.

Checkpoint R81.10 Take 87
Valid license for Mobile Access and IPsec VPN

Default Route: 202.44.145.57

I have also configured remote access VPN by enabling IPsec VPN and Mobile Access blade. Somehow, when I try to initiate the traffic using public IP 202.44.145.55 from the endpoint security client, I get the following error.

Site creation failed
Failed to create the new site
Reason: Site is not responding

I followed SK 128652 but had no luck. I want to use my external IP 202.44.145.55 for remote access VPN.
Please guide me if any step or configuration is missing here.

Thanks,
Digo.

0 Kudos
8 Replies
Chris_Atkinson
Employee

Has the platform portal url/port been changed from default for access to the GAiA webui?

Also make sure there are no conflicting NAT rules.

CCSM R77/R80/ELITE
0 Kudos
Digo11
Contributor

Hi @Chris_Atkinson,

No, haven't done that yet. I can still access GAIA webui on HTTPS/443. Also, there's no NAT/DNAT rule for 202.44.145.55.

If I change the default GAIA WEBUI from 443 to something like 4434, will it work? Any other changes apart from this?

Thanks,

Digo.

0 Kudos
_Val_
Admin

Also check sk113558

0 Kudos
Gojira
Collaborator

Is the link selection box empty?

Or removed from the picture?
Try adding your public interface there

0 Kudos
Digo11
Contributor

Hi, @Gojira I have included my external interface public IP in the link selection.

0 Kudos
AleLovaz82
Contributor

Have you done a tcpdump or fwmonitor on the VPN gateway, filtering on the client public IP?
Is there any answer?
Have you disabled the implicit rules that allow the client to connect to the gateway?
Have you enabled the endpoint security client as an allowed client?
Have you tried using the SSL portal and SSL extender instead of a "full" client?

0 Kudos
Digo11
Contributor

Hello Experts.

Sorry for my absence on this thread. @AleLovaz82 Yes I checked with your suggestions but no luck.

I missed providing one crucial piece of information initially.

I was using a /31 public IP for P2P connectivity to an upstream router. As per TAC, /31 has limitations so had to make it /30 and everything is working smoothly now.

Thank you, everyone.

Cheers!!

Digo.

0 Kudos
AleLovaz82
Contributor

Good to know!

0 Kudos
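The resolution in this thread was moving the point-to-point uplink from /31 to /30. The following is an added example, not code from any poster or from Check Point: a small Python check for an interface address and its next hop, which also shows which endpoint has to be renumbered when a /31 link is re-masked to the /30 that contains it. The function names, finding labels and the 203.0.113.x addresses are constructed, and it assumes the provider assigns that containing /30 rather than a different block.

```python
import ipaddress

def audit_uplink(interface_cidr, next_hop):
    """Return findings for an interface address and its default-route next hop."""
    iface = ipaddress.ip_interface(interface_cidr)
    net, gw = iface.network, ipaddress.ip_address(next_hop)
    findings = []
    if net.prefixlen == 31:
        # RFC 3021: both addresses are hosts, there is no network/broadcast address.
        findings.append("prefix-31")
    elif net.prefixlen < 31:
        if iface.ip == net.network_address:
            findings.append("address-is-network")
        if iface.ip == net.broadcast_address:
            findings.append("address-is-broadcast")
    if gw == iface.ip:
        findings.append("gateway-is-self")
    elif gw not in net:
        findings.append("gateway-off-link")
    return findings

def plan_slash30(interface_cidr, next_hop):
    """Map a /31 link onto the /30 that contains it.

    Returns (network, usable_hosts, must_renumber), where must_renumber lists
    the current endpoints that land on the /30 network or broadcast address.
    """
    iface = ipaddress.ip_interface(interface_cidr)
    net30 = ipaddress.ip_network(f"{iface.ip}/30", strict=False)
    usable = [net30.network_address + 1, net30.network_address + 2]
    current = [iface.ip, ipaddress.ip_address(next_hop)]
    must_renumber = [str(a) for a in current if a not in usable]
    return str(net30), [str(a) for a in usable], must_renumber

if __name__ == "__main__":
    # Constructed sample link (RFC 5737 documentation range), not the poster's addresses.
    print(audit_uplink("203.0.113.6/31", "203.0.113.7"))
    print(plan_slash30("203.0.113.6/31", "203.0.113.7"))
    print(audit_uplink("203.0.113.6/30", "203.0.113.5"))
```

A /31 pair is always an even address and the next odd one, so one of the two ends always falls on the network or broadcast address of the containing /30; changing only the mask on both sides is not enough.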
