This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
junior_kakou
Contributor
‎2024-10-02 02:44 AM

SSL error- failde to connect

hello everyone;

i'm getting the SSL error failed to connect with capsul-vpn. i have a CP 3600 behind a mikrotik router, i've created a NAT rule to redirect port 10.10.11.2:443 (public ip) on the microtik to port 10.10.10.1:443 (ip LAN) on the CP. When the destination address (10.10.11.2) is specified in the microtik's NAT rule, some web pages are not displayed and the remote VPN passes normally. But when it is not specified, the web pages are displayed but the remote VPN no longer works. Do you have any ideas? I'm thinking of a conflict on the port, but how can I resolve it?

Thanks

 

0 Kudos
10 Replies
AkosBakos
MVP Silver
MVP Silver
‎2024-10-02 02:55 AM

What kind of NAT did you use?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
junior_kakou
Contributor
‎2024-10-02 04:53 AM
In response to AkosBakos

static NAT

 

Static NAT

Capture d'écran vpn2.pngCapture vpn1.png

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-10-02 05:23 AM
In response to junior_kakou

Can you select 0 for any protocol or no?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-02 08:41 AM

You need to configure Link Selection in this case (in the Gateway object) to the external IP on the Mikrotik router.

junior_kakou
Contributor
‎2024-10-02 08:48 AM
In response to PhoneBoy

Sorry, I don't understand.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-10-02 08:54 AM
In response to junior_kakou

This is what @PhoneBoy is referring to.

Andy

 

Screenshot_1.png

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
junior_kakou
Contributor
‎2024-10-02 11:50 AM
In response to the_rock

the solution doesn't work. is it possible to change port 443 to another alternative port on checkpoint and how do I do it? thank you.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-10-02 01:38 PM
In response to junior_kakou

Change port for what?

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-02 01:50 PM
In response to junior_kakou

What is the exact behavior?

The way to change the port is by changing the Visitor Mode port, which can only be done if Mobile Access Blade is not used.
This is done in the relevant gateway object under IPsec VPN > Remote Access.
Site must be added to the client with the port number (e.g. 10.10.11.2:8443)

junior_kakou
Contributor
‎2024-10-04 04:36 AM
In response to PhoneBoy

ok merci à tous pour vos éclairages. le problème est résolu après avoir indiqué dans la règle NAT sur le routeur Microtik, l'interface sur laquelle arrive la connexion Wan.

capture port eth1.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events