msl58
Explorer

Enable Internet Access to LAN RRAS IPSec/L2TP VPN Server Behind 1530 Appliance

My ISP just provided me with a 1530 Appliance running R80.20.15, in place of another vendor's appliance which had failed.

In my LAN I am running RRAS on a Microsoft Server 2019 to provide IPSec/L2TP access to my LAN from the Internet. This server is NAT-ed behind the appliance firewall.

My ISP does not know how to enable this. I know nothing about Check Point appliances either.

I think what I need to do is:

  1. Define new Service ESP (IP Protocol 50)
  2. Define new Service AH (IP Protocol 51)
  3. Allow UDP Ports 500, 4500, and 1701
  4. Forward all of the above IP protocols and UDP ports to the RRAS server in the LAN according to its NAT-ed address. 

Am I correct? Is there an error in what I wrote? Did I forget something?

If my list of tasks is correct, I would be grateful for painfully explicit instructions as to how to accomplish the above. 

TIA!

 

0 Kudos
1 Reply
PhoneBoy
Admin

The device does have Remote Access functionality built into it, FYI.
Make sure both Remote Access and Site to Site VPN are disabled in Home > Overview > Security Dashboard.

I don't believe you need to forward IP Proto 50/51, but could be wrong.
However, you should create a Server object in Users and Objects > Network Resources > Servers and specify the correct ports:

[Image: Screenshot 2024-09-09 at 11.14.27 AM.png]

Set the other options as appropriate in the object.

0 Kudos
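How the UDP ports and IP protocols listed in the question appear on the wire, as an added example that is not part of the original thread: a classifier for inbound packets that applies the RFC 3948 framing on UDP 4500 (4-byte non-ESP marker before IKE, single 0xFF keepalive byte, otherwise ESP-in-UDP). The function names are hypothetical and the sample packets are constructed; run over a capture taken on the RRAS server, it shows which forwarded flows actually arrive.

```python
import struct
from collections import Counter

IKE_HDR = struct.Struct("!8s8sBBBBII")  # fixed 28-byte ISAKMP/IKE header

def ike_version(data):
    """Return 'ikev1' or 'ikev2' if data begins with a plausible IKE header."""
    if len(data) < IKE_HDR.size:
        return None
    _, _, _, version, _, _, _, length = IKE_HDR.unpack_from(data)
    major = version >> 4
    return f"ikev{major}" if major in (1, 2) and length >= IKE_HDR.size else None

def classify(ip_proto, dst_port=None, payload=b""):
    """Label one inbound packet by IP protocol, UDP destination port and payload."""
    if ip_proto == 50:
        return "esp-native"
    if ip_proto == 51:
        return "ah"
    if ip_proto != 17:
        return "other"
    if dst_port == 500:
        return ike_version(payload) or "malformed"
    if dst_port == 4500:
        if payload == b"\xff":                      # RFC 3948 NAT-keepalive
            return "natt-keepalive"
        if payload[:4] == b"\x00" * 4:              # non-ESP marker, IKE follows
            inner = ike_version(payload[4:])
            return f"natt-{inner}" if inner else "malformed"
        return "natt-esp" if len(payload) >= 8 else "malformed"  # SPI + sequence
    if dst_port == 1701:
        flags = struct.unpack_from("!H", payload)[0] if len(payload) >= 2 else 0
        if flags & 0x000F != 2:                     # L2TPv2 version nibble
            return "malformed"
        return "l2tp-control" if flags & 0x8000 else "l2tp-data"
    return "other"

# Constructed sample packets (ip_proto, udp_dst_port, payload); not a real capture.
IKE_MSG = IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, 28)
CAPTURE = [
    (17, 500, IKE_MSG),
    (17, 4500, b"\x00" * 4 + IKE_MSG),
    (17, 4500, b"\xff"),
    (17, 4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),
    (17, 1701, struct.pack("!HH", 0xC802, 12)),
    (50, None, b""),
]

print(Counter(classify(*p) for p in CAPTURE))
```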
