Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ham2065
Explorer

Always-On VPN through a Checkpoint FW only one VPN session working

Hi 

I have a setup with Microsoft Always on VPN AOVPN running through a Checkpoint R80.40 Cluster and terminated on a Microsoft RRAS server.

I have allowed inbound traffic on ports UDP 500 and 4500 and created manual static NATs translating the external IP to the RRAS server in both directions. 

The AOVPN works for 1 vpn client but when a second client tries to connect they get a generic network connection error. 

We have a similar setup at another data centre running through an ASA cluster and AOVPN is working as expected i.e. multiple AOVPN simultaneously.

Is this due to a Nat Traversal issue?

Any help here would be appreciated. 

 

2 Replies
Chris_Atkinson
Employee Employee
Employee

Are the multiple clients connecting from behind the same remote source address or different?

For the static NAT are you using an interface address of the Gateway or an IP specifically allocated for NAT?

Reminds me of some fun had with PPTP many years ago...

 

CCSM R77/R80/ELITE
ham2065
Explorer

Hi Chris 

The clients are on the internet with individual IPs. The Static NAT external IP is dedicated just for AOVPN and is not the FW External Interface.

There is a similar posting on the forum here Solved: Always-On VPN through a Checkpoint FW - Check Point CheckMates

But we have it working but for only one client.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events