rajesh_s
Contributor

Remote access vpn community

Hello all,

We have 2 gateways in a remote access VPN community. If I connect to one gateway, after some time the VPN client automatically tries to reconnect to the other gateway. How do I stop the VPN client from automatically connecting to a different gateway?

Our setup is as mentioned below.

Check Point version R77.30

Remote access vpn community

Gateway1  1.1.1.1  (San Jose)

Gateway2  2.2.2.2  (Teaneck)

Gateway3  3.3.3.3  (Pittsburgh)

If I connect to Gateway1, I am able to access the San Jose local network, Gateway2 Teaneck and Gateway3 Pittsburgh.

San Jose users can only connect to Gateway1, Teaneck users can only connect to Gateway2 and Pittsburgh users can only connect to Gateway3.

The first time, a San Jose user connecting to the remote access VPN selects Gateway1 and the connection is successful, but after some time the VPN client automatically tries to reconnect to Gateway2 and asks for credentials. The user enters the Gateway1 credentials, authentication fails, and after 3 attempts the user account gets locked.

How do I stop it from automatically connecting to different gateways?

7 Replies
PhoneBoy
Admin

Sounds like each gateway should have a different Remote Access VPN community.

Why don't they?

GregorioLujan
Explorer

Hello.

I think that in some versions it is not possible to create two different Remote Access VPN communities. For example, in R80.10 it is not possible.

Do you know a proper way to configure independent Remote Access VPNs? I have two gateways managed by the same Smart Console, and I need to create one independent RA VPN for each gateway.

But I obtain the same behaviour. After logging in to the first gateway, the VPN client tries to log in to the other gateway.

Thank you very much.

0 Kudos
GrassF
Participant

Hi,

What was the solution to this issue? I'm having the same issue with R80.40.

Thank you

0 Kudos
GregorioLujan
Explorer

Hello.

Did you find any solution? I have the same behavior in R80.10.

Thank you very much.

0 Kudos
PhoneBoy
Admin

There can only be a single RemoteAccess community per management domain.
Further, a gateway can only have one encryption domain for Site-to-Site VPN and a separate one for Remote Access.
You can use access control rules to determine who can access what.
Truly separate RemoteAccess communities require separate gateways managed by a separate management domain.
Otherwise, you’re in RFE territory.

0 Kudos
Vladimir
Champion

Do you have "Always Connect" option disabled for all three sites?

If not, they will inevitably attempt to reconnect and boot each other out.

0 Kudos
GrassF
Participant

Hi,

My issue has been resolved with sk78180. The automatic MEP topology should be disabled.

0 Kudos