This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ham2065
Explorer
‎2022-08-31 12:35 AM

Always-On VPN through a Checkpoint FW only one VPN session working

Hi 

I have a setup with Microsoft Always on VPN AOVPN running through a Checkpoint R80.40 Cluster and terminated on a Microsoft RRAS server.

I have allowed inbound traffic on ports UDP 500 and 4500 and created manual static NATs translating the external IP to the RRAS server in both directions. 

The AOVPN works for 1 vpn client but when a second client tries to connect they get a generic network connection error. 

We have a similar setup at another data centre running through an ASA cluster and AOVPN is working as expected i.e. multiple AOVPN simultaneously.

Is this due to a Nat Traversal issue?

Any help here would be appreciated. 

 

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-08-31 01:17 AM

Are the multiple clients connecting from behind the same remote source address or different?

For the static NAT are you using an interface address of the Gateway or an IP specifically allocated for NAT?

Reminds me of some fun had with PPTP many years ago...

 

CCSM R77/R80/ELITE
0 Kudos
ham2065
Explorer
‎2022-08-31 03:24 PM
In response to Chris_Atkinson

Hi Chris 

The clients are on the internet with individual IPs. The Static NAT external IP is dedicated just for AOVPN and is not the FW External Interface.

There is a similar posting on the forum here Solved: Always-On VPN through a Checkpoint FW - Check Point CheckMates

But we have it working but for only one client.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events