Always-On VPN through a Checkpoint FW only one VPN session working
Hi
I have a setup with Microsoft Always On VPN (AOVPN) running through a Checkpoint R80.40 Cluster and terminated on a Microsoft RRAS server.
I have allowed inbound traffic on ports UDP 500 and 4500 and created manual static NATs translating the external IP to the RRAS server in both directions.
The AOVPN works for 1 VPN client, but when a second client tries to connect they get a generic network connection error.
We have a similar setup at another data centre running through an ASA cluster and AOVPN is working as expected, i.e. multiple AOVPN simultaneously.
Is this due to a NAT Traversal issue?
Any help here would be appreciated.
Are the multiple clients connecting from behind the same remote source address or different?
For the static NAT are you using an interface address of the Gateway or an IP specifically allocated for NAT?
Reminds me of some fun had with PPTP many years ago...
Hi Chris
The clients are on the internet with individual IPs. The Static NAT external IP is dedicated just for AOVPN and is not the FW External Interface.
There is a similar posting on the forum here: Solved: Always-On VPN through a Checkpoint FW - Check Point CheckMates
We have it working, but for only one client.