This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ERTK
Contributor
‎2022-01-17 05:13 AM

Vpn remote acces mab agains cluster with only private addres

Hi,

A customer had a cluster only with private range addres. 

On this cluster it had configured vpn remote acces making Nat on isp provider.

Recently they need to move Nat from isp to this cluster....but client cannot reach. 

Is it possible to make than this cluster make also this kind of Nat ( public interface is not configure on this cluster but isp provider route one public ip address for.thqt purpose)?

0 Kudos
8 Replies
G_W_Albrecht
Legend
Legend
‎2022-01-17 05:44 AM

If the ISP routes a public IP to a cluster, the cluster needs a WAN interface with that public IP that also should be part of the Remote Access community.

CCSE CCTE SMB Specialist
0 Kudos
ERTK
Contributor
‎2022-01-17 05:56 AM
In response to G_W_Albrecht

i understand. maybe creating an cluster interface with this public ip address like vip.....and configuring rules and vpn link selecction could it be.

 

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-01-17 06:10 AM
In response to ERTK

Otherwise, the cluster will not feel responsible for this public IP...

CCSE CCTE SMB Specialist
0 Kudos
ERTK
Contributor
‎2022-01-17 06:18 AM
In response to G_W_Albrecht

I just create a dummy cluster interface with this public ip address like via pf this dummy....it is a internal interface..it means than the traffic must in for current transport interface between isp provider and this cluster. 

Vpn client connect but...after a few minutes it disconnect

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-01-17 06:39 AM
In response to ERTK

Afaik this can not work with an internal interface. Look into GW and RA client logs to see the reason the connection is lost!

CCSE CCTE SMB Specialist
0 Kudos
ERTK
Contributor
‎2022-01-17 06:44 AM
In response to G_W_Albrecht

sorry, the topology interface config like an external....i want to say that this interface is behind firewall in flow....

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-01-17 06:53 AM
In response to ERTK

Should be the external/WAN VIP interface of the cluster according to Remote Access Admin Guide. I would suggest to contact TAC as there may be a special config making this possible.

CCSE CCTE SMB Specialist
0 Kudos
ERTK
Contributor
‎2022-01-17 07:10 AM
In response to G_W_Albrecht

i'll do. Thanks

 

0 Kudos