enapp
Explorer

SecureRemote VPN DNS not working

Hi,

My 1500 Locally Managed is running R80.20.40 (992002691) and today I was able to establish the Remote Access VPN with the following settings:

- Static IP for Remote Access: 192.168.x.254 (not using public ip due to Internet load balancing on ISP Router).

- VPN Remote Access users can connect via: Check Point VPN clients.

- Remote Access Users: Active Directory Group (but the Remote Access Tab shows: No local users and groups are defined with VPN remote access permissions).

- Permissions for Active Directory users: Selected AD Users Groups

- Office Mode Remote Network: 172.18.x.0 Subnet Mask: /24

- Manually choose a VPN certificate: Default VPN and Cluster Certificate

- Local encryption domain is defined: automatically according to topology

- DNS servers for Remote Users: This Gateway

- Office Mode Second DNS for clients: 192.168.xyz.201

- DNS Domain Name: Automatically

 

 

The connection works but still dealing with some issues:

1. The virtual adapter on the client (Windows 11) gets the IP 192.168.0.2 Subnet Mask: 255.255.255.252, DHCP Server: 192.168.0.1.

a) Even if I set Remote Office Mode to allocate IPs from one of my local LANs (172.18.x.0), the IP given is the above (192.168.0.2).

b) The adapter does not receive a DNS address so access to internal resources only works if I manually set a DNS server on the adapter.

 

2. SIP traffic is working one way only. We use a Lync Server 2013 and the users inside the company can hear the remote user. Looking at the logs, the source is the IP (192.168.8.100) of the W11 client configured via DHCP on the local Wi-Fi adapter.

UDP/22618 Dropped with the error message: Violated unidirectional connection.

 

3. The Connected Remote Users remains empty even if a connection is established.

4 Replies
Chris_Atkinson
Employee

This is largely due to the choice of VPN client: SecuRemote doesn't support office mode, and hence the DNS config is also different.

If an office mode address is needed choose a different client type.

CCSM R77/R80/ELITE
the_rock
Legend

Chris brings up a good point... SecuRemote never supported office mode.

https://sc1.checkpoint.com/documents/E85.40/EN/CP_E85.40_RemoteAccessClients_forWin_ReleaseNotes/Con...

G_W_Albrecht
Legend

Just change the installed client type (no reinstall needed):

Changing the Standalone Remote Access Client flavo...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin

DNS works differently on SecuRemote due to the lack of Office Mode support.
See the guide I wrote up here: https://community.checkpoint.com/t5/Remote-Access-VPN/Quick-Primer-on-How-to-Configure-your-Gateway-... 
