
Remote access VPN cannot access Azure Tunnel. But the local area can connect to Azure Tunnel

I'm using a Check Point 5100.

Firewall (IP is connected to Azure via Route based with IP 10.x.x.x/16 with settings below;

[Attached screenshots: vpn settings.PNG, vpn settings 1.PNG, vpn settings 2.PNG]


I have 2 sites using def. LAN IP, and both sites are interconnected via an IPVPN/MPLS connection.

I create a network group called "MyLocalNetwork" which includes the following network (,

Source: MyLocalNetwork, AzureGW | Destination: MyLocalNetwork, AzureGW | VPN: AzureVPN | Services: Any | Action: Accept | Track: Log

2 Sites can now access the Azure app via gateway of 1.0 and 2.0 going to Firewall (IP All users of 2 Sites can access the apps via 10.x.x.x/16 just like local connection.


I configured the RemoteAccess Community by adding the gateway device to Participating Gateways.

I created users and groups that I will add to Participant User Groups in the VPN RemoteAccess Community.

I'm using Office Mode and use the Manual IP Pool which is the CP_default_Office_Mode_Address_Pool (

I added the CP_default_Office_Mode_Address_Pool ( to the VPN Domain as part of the network.

I created a policy for the remote access.

Source: VPN users, VPN connection | Destination: MyLocalNetwork | VPN: RemoteAccess | Services: Any | Action: Accept | Track: Log

I set up the Check Point Endpoint Security VPN client on another laptop, added the site, and used a username and password. Connection successful.

I can now access the company network while I'm outside. I can ping the and 2.0/24 network.


The main issue: I can't access the application on Azure while I'm using the VPN outside the office.

I tried to add the CP_default_Office_Mode_Address_Pool ( and the AzureVPN IP (10.x.x.x/16) as part of MyLocalNetwork, but the problem I encountered was that the 2 sites are not able to access the Azure network 10.x.x.x/16. The connection is disconnected.

I checked the logs: Drop, blocked access to 10.x.x.1 | encryption failure: Security warning: received a cleartext packet within an encrypted connection

VPN Feature: IKE

Can anyone here help me resolve the issue?

Appreciate your help.

Thank you.



0 Kudos
4 Replies

Does your Remote Access encryption domain include the Azure subnet?
This is required to route the traffic through the S2S VPN.
Further, the Azure side must know about the Office Mode subnet.

0 Kudos

Yes. The is already added to the domain as well as to the Azure side, but still no traffic coming from going to Azure 10.x.x.x/16.

0 Kudos

Once the Azure subnet is added to the encryption domain, the internal/local connection from the 2 sites is disconnected.

The VPN client still has no connection, and there's no traffic seen coming from going to Azure 10.x.x.x/24.

0 Kudos

Hi Sparks,


Have you found a solution for that issue?


0 Kudos

