Explorer

Routes distribution through VPN SSL extender

Hi all,

I'm not sure if this request has already been made; if so, please let me know where I can find it.

Well, here is my situation: I've configured a VPN SSL extender and everything is working fine. Endpoints are receiving the IP address that I've established, but when I type a route print on the endpoint I see that they're receiving some network ranges from my checkpoint, and those are the network ranges that the checkpoint has connected. With this said, I have two questions:

1- How can I prevent the checkpoint from sending those networks to the endpoints?

2- How can I propagate the IP address ranges needed to the endpoints' routing tables?

I've been looking around and I've found nothing.

I'm using SmartConsole R80.20 to configure everything and my checkpoint is a 5000 series.

Any help would be appreciated.

0 Kudos
3 Replies
Admin

The routes sent to the client are a function of the encryption domain you've configured in your gateway object.
To control that, modify the encryption domain accordingly.
If you need the encryption domain to contain those networks for site-to-site VPNs, then you will need to use appropriate rules to prevent access to those networks.
Unfortunately routes for those networks will still show on the client.
0 Kudos
Explorer

Thank you so much for replying, Phoneboy. I'll check that out and see how that works.

0 Kudos
Leader

You can have two encryption domains on the gateway, one for the site 2 site VPN and another one for remote access.

With this extra remote access encryption domain you can define different networks (shown as routes on the client) for your SSL extender clients.

Wolfgang

0 Kudos