This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rajesh_s
Contributor
‎2018-10-03 06:26 AM

Remote access vpn community

Hello all,

We have 2 gateways in remote access vpn community, If i connected one gateway after some time vpn client automatically trying to reconnect to other gateway, How do i stop vpn client automatically automatically connecting to different gateway.

Our setuup as mentioned below.

Checkpoint version R77.30

Remote access vpn community

Gateway1  1.1.1.1  (San Jose)

gateway2   2.2.2.2  (Teaneck)

Gateway3  3.3.3.3  (Pittsburgh)

If i connect to gateway1 i can able to access San Jose local network, Gateway2  Teaneck and Gateway3 Pittsburgh.

San Jos users can only connect to gateway1, Teaneck user can only connect Gateway2 and Pittsburgh users can only connect to gateway3, 

First time San Jose user while connecting remote access vpn they will select the Gateway1 and connect will successful but after some time vpn client automatically trying to reconnect to gateway2 and ask to enter the credentials, user will enter the gateway1 credentials then authentication will fail after 3 attempts user account getting locked.

How do i stop automatically connecting to different gateways?.

7 Replies
PhoneBoy
Admin
Admin
‎2018-10-03 07:33 PM

Sounds like each gateway should have a different Remote Access VPN community.

Why don't they?

GregorioLujan
Explorer
‎2021-04-05 07:45 AM
In response to PhoneBoy

Hello.

I think that in some versions it is not possible to create two different Remote Access VPN communities. For example, in R80.10 is not possible.

Do you know a proper way to configure independent Remote Access VPNs?  I have two gateways managed by the same Smart Console. And I need to create one independent RA VPN to each gateway.

But I obtain the same behaviour. After logging in to the first gateway, the VPN client tries to log in to the other gateway.

 

Thank you very much.

0 Kudos
GrassF
Contributor
‎2021-02-18 06:22 AM

Hi,

what was the solution to this issue. I'm having the same issue with R80.40.

Thank you

0 Kudos
GregorioLujan
Explorer
‎2021-04-05 07:03 AM

Hello.

Do you found any solution?   I have the same behavior in R80.10. 

Thank you very much.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-05 08:35 AM
In response to GregorioLujan

There can only be a single RemoteAccess community per management domain.
Further, a gateway can only have one encryption domain for Site-to-Site VPN and a separate one for Remote Access.
You can use access control rules to determine who can access what.
Truly separate RemoteAccess communities requires separate gateways managed by a separate management domain.
Otherwise, you’re in RFE territory.

0 Kudos
Vladimir
Champion
Champion
‎2021-04-05 12:53 PM

Do you have "Always Connect" option disabled for all three sites?

If not, they will inevitably attempt to reconnect and boot each other out.

0 Kudos
GrassF
Contributor
‎2021-04-06 12:23 AM
In response to Vladimir

Hi,

my issue has been resolved with sk78180. The automatic mep topology should be disabled.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top