This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KevinA
Participant
‎2020-08-06 05:07 PM
Jump to solution

Site to Site VPN issue on 770 Appliance

Hi All,

 

We have configured a Site to Site VPN on our 770 appliance with one of our partners, and everything works fine.

However their is an issue accessing a web site which resolves to the same public IP as the VPN tunnel. For some reason the CP is sending the traffic to the VPN tunnel and not out the internet.

Has anyone faced this before? or any ideas?

 

Thanks,

Kevin

 

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2020-08-07 03:11 AM
In response to KevinA
Jump to solution

You can exclude the peers routable IP from Enc Domain, that is, let all connections from internal networks to the public IP go thru Internet, see sk86582: Excluding subnets in encryption domain from accessing a specific VPN community, then this traffic will go thru internet. Strange, but possible...

Please refer to Locally managed SMBs and .def files for implementation !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

4 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-08-07 12:49 AM
Jump to solution

A public routable IP can exist only once, so there is something very fishy going on here and i must not comment...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
KevinA
Participant
‎2020-08-07 01:59 AM
In response to G_W_Albrecht
Jump to solution

Hi @G_W_Albrecht ,

Sorry if my question / description of the issue was not clear.

The web site that cannot be accessed is also hosted by the same partner that we have the Site-to-Site terminating on.

(So the Tunnel IP is the same for the URL - they have got some kind of portforward set up on  their end)

Unfortunately they cannot/will not let us access the URL via the private IP.

Thanks,

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-08-07 03:11 AM
In response to KevinA
Jump to solution

You can exclude the peers routable IP from Enc Domain, that is, let all connections from internal networks to the public IP go thru Internet, see sk86582: Excluding subnets in encryption domain from accessing a specific VPN community, then this traffic will go thru internet. Strange, but possible...

Please refer to Locally managed SMBs and .def files for implementation !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
KevinA
Participant
‎2020-08-10 06:45 PM
In response to G_W_Albrecht
Jump to solution

I owe u a beer mate 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top