Sparks
Explorer

Remote access VPN cannot access Azure Tunnel. But the local area can connect to Azure Tunnel

I'm using Checkpoint 5100

The firewall (IP 192.168.1.254) is connected to Azure via a route-based VPN with IP 10.x.x.x/16, with the settings below:

[Screenshots attached: vpn settings.PNG, vpn settings 1.PNG, vpn settings 2.PNG]

I have 2 sites using the default LAN IPs 192.168.1.0/24 and 192.168.2.0. Both sites are interconnected via an IPVPN/MPLS connection.

I created a network group called "MyLocalNetwork" which includes the following networks (192.168.1.0/24, 192.168.2.0/24).

Source: MyLocalNetwork, AzureGW | Destination: MyLocalNetwork, AzureGW | VPN: AzureVPN | Services: Any | Action: Accept | Track: Log

Both sites can now access the Azure app via the 1.0 and 2.0 gateways going to the firewall (IP 192.168.1.254). All users of both sites can access the apps via 10.x.x.x/16 just like a local connection.

Next:

I configured the RemoteAccess Community by adding the gateway device to Participating Gateways.

I created users and groups that I will add to Participant User Groups at the VPN RemoteAccess Community.

I'm using Office Mode and use the Manual IP Pool which is the CP_default_Office_Mode_Address_Pool (172.16.10.0/24).

I added the CP_default_Office_Mode_Address_Pool (172.16.10.0/24) to the VPN Domain as part of the network.

I created a policy for the remote access.

Source: VPN users, VPN connection | Destination: MyLocalNetwork | VPN: RemoteAccess | Services: Any | Action: Accept | Track: Log

Set up Check Point Endpoint Security VPN Client on another laptop, added the site, and used username and password. Connection successful.

I can now access the company network while I'm outside. I can ping the 192.168.1.0/24 and 2.0/24 networks.

The main issue: I can't access the application on Azure while I'm using the VPN outside the office.

I tried to add the CP_default_Office_Mode_Address_Pool (172.16.10.0/24) and the AzureVPN IP (10.x.x.x/16) as part of MyLocalNetwork, but the problem I encountered was that the 2 sites are not able to access the Azure network 10.x.x.x/16. The connection is disconnected.

I checked the logs: Drop

172.16.10.1 was block to access 10.x.x.1 | encryption failure : Security warning: received a cleartext packet within an encrypted connection 

VPN Feature: IKE

Can anyone here help me to resolve the issue?

Appreciate your help.

Thank you.


0 Kudos
4 Replies
PhoneBoy
Admin

Does your Remote Access encryption domain include the Azure subnet?
This is required to route the traffic through the S2S VPN.
Further, the Azure side must know about the Office Mode subnet.

0 Kudos
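The reply above states two membership requirements (the Azure prefix must be inside the Remote Access encryption domain; the Azure side must know the Office Mode subnet). The following is an added example, not code from the thread or from Check Point, that turns those requirements plus the obvious overlap check into a small consistency test over the address sets involved. All addresses are constructed from the thread; since the real Azure range is only given as 10.x.x.x/16, 10.0.0.0/16 is used as a placeholder, and the dictionary keys (`remote_access_domain`, `s2s_local_domain`, `azure_onprem_prefixes`, ...) are names chosen for this example, not Check Point object names.

```python
from ipaddress import IPv4Network, ip_network
from typing import Dict, Iterable, List

Config = Dict[str, List[str]]

# Constructed sample values modelled on the thread (placeholder 10.0.0.0/16 for
# the Azure address space). Matches the poster's setup before the reply's advice:
# the Office Mode pool is in the VPN domain and known to Azure, but the Azure
# prefix is NOT part of the Remote Access encryption domain.
BROKEN_CONFIG: Config = {
    "office_mode_pool":      ["172.16.10.0/24"],                    # CP_default_Office_Mode_Address_Pool
    "lan_networks":          ["192.168.1.0/24", "192.168.2.0/24"],  # MyLocalNetwork
    "remote_access_domain":  ["192.168.1.0/24", "192.168.2.0/24", "172.16.10.0/24"],
    "s2s_local_domain":      ["192.168.1.0/24", "192.168.2.0/24", "172.16.10.0/24"],
    "azure_address_space":   ["10.0.0.0/16"],
    "azure_onprem_prefixes": ["192.168.1.0/24", "192.168.2.0/24", "172.16.10.0/24"],
}

# Same gateway with the Azure prefix added to the Remote Access encryption domain.
FIXED_CONFIG: Config = dict(
    BROKEN_CONFIG,
    remote_access_domain=BROKEN_CONFIG["remote_access_domain"] + ["10.0.0.0/16"],
)


def nets(cidrs: Iterable[str]) -> List[IPv4Network]:
    """Parse CIDR strings into network objects (host bits are tolerated)."""
    return [ip_network(c, strict=False) for c in cidrs]


def covered(subnet: IPv4Network, domain: List[IPv4Network]) -> bool:
    """True if every address of `subnet` lies inside some network of `domain`."""
    return any(subnet.subnet_of(n) for n in domain)


def check_vpn_domains(cfg: Config) -> List[str]:
    """Return a list of findings; an empty list means the address sets are consistent."""
    findings: List[str] = []
    ra = nets(cfg["remote_access_domain"])
    s2s = nets(cfg["s2s_local_domain"])
    azure = nets(cfg["azure_address_space"])
    onprem = nets(cfg["azure_onprem_prefixes"])
    lans = nets(cfg["lan_networks"])

    # 1. A client only sends a packet into the RA tunnel when the destination is
    #    inside the Remote Access encryption domain.
    for n in azure:
        if not covered(n, ra):
            findings.append(
                f"RA encryption domain lacks Azure prefix {n}: client traffic to it is not sent through the tunnel")

    for pool in nets(cfg["office_mode_pool"]):
        # 2. The gateway must present the pool to Azure as part of its own S2S domain,
        #    otherwise pool traffic is not encrypted toward Azure.
        if not covered(pool, s2s):
            findings.append(f"S2S local domain lacks Office Mode pool {pool}")
        # 3. Azure must list the pool among the on-premises prefixes it routes back.
        if not covered(pool, onprem):
            findings.append(f"Azure on-premises prefixes lack Office Mode pool {pool}: no return route")
        # 4. The pool must not overlap anything it is routed to.
        for n in lans + azure:
            if pool.overlaps(n):
                findings.append(f"Office Mode pool {pool} overlaps {n}")
    return findings


def client_path(cfg: Config, dst: str) -> str:
    """Where a VPN client sends a packet for `dst`: 'tunnel' or 'clear'."""
    return "tunnel" if covered(ip_network(dst), nets(cfg["remote_access_domain"])) else "clear"


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, check_vpn_domains(cfg) or ["ok"], client_path(cfg, "10.0.0.5"))
```

The check covers only domain membership and overlap, which is what the reply asks about; it says nothing about why adding the Azure subnet to the domain later broke the site-to-site connection, which the thread leaves open.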
Sparks
Explorer

Yes. The 172.16.10.0/24 is already added to the domain as well as to the Azure side, but still no traffic is coming from 172.16.10.0/24 going to Azure 10.x.x.x/16.

0 Kudos
Sparks
Explorer

Once the Azure subnet is added to the encryption domain, the internal/local connection between the 2 sites is disconnected.

The VPN client still has no connection, and there's no traffic seen coming from 172.16.10.0/24 going to Azure 10.x.x.x/24.

0 Kudos
Juan_Brion_Garc
Explorer

Hi Sparks,

Have you found a solution for that issue?

Regards

0 Kudos
