This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
K_montalvo
Advisor
‎2021-10-18 02:57 PM

Client to Site VPN r80.30

Jump to solution

Hello friends,

I would like to configure a client to site VPN on my r80.30 Security Gateway for a external contractor that would be working temporally. I would like to configure something simple, in the firewall rules i will only permit access to the internal server he would be working. If you guys have a configuration guide that can help, please share.

Thanks you all!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-10-20 08:26 AM
In response to K_montalvo

Jump to solution

What is the main IP of your gateway object?
Is it the external IP or something else?
If it is NOT the externally reachable IP, you'll need to set the relevant IP in the Link Selection setting.

View solution in original post

11 Replies
G_W_Albrecht
Legend
Legend
‎2021-10-19 02:24 AM

Jump to solution

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_RemoteAccessVPN_AdminGuide/T...

 

CCSE CCTE SMB Specialist
K_montalvo
Advisor
‎2021-10-19 12:18 PM
In response to G_W_Albrecht

Jump to solution

@G_W_Albrechtmany many thanks for posting that link i read it and was very informative!

K_montalvo
Advisor
‎2021-10-19 12:32 PM

Jump to solution

After the Remote Access VPN set up i tried to connect from Endpoint Security Client via the Security Gateway public facing IP and received the following error:"Site is not responding. You might be in hotspot environment" Can anyone guide me if there's is a setting for defining this on the Gateway or im missing something? Any help would be appreciated my friends!

Preview file
29 KB
0 Kudos
K_montalvo
Advisor
‎2021-10-19 01:54 PM
In response to K_montalvo

Jump to solution

@PhoneBoyBuddy can you help with this issue please, hope your well!

0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-19 03:48 PM
In response to K_montalvo

Jump to solution

Start here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

 

K_montalvo
Advisor
‎2021-10-20 08:20 AM
In response to PhoneBoy

Jump to solution

@PhoneBoythat did not worked for me, also tried connecting using publicip:443 its connects the first time but after disconnecting and reconnect i received the same error  i have a hotspot enviroment internally but this vpn or mobile access network its not associated with this. Just to discard i will try to disable my internal captive portal and retry. If you have any other tips i can try are very welcome.

0 Kudos
K_montalvo
Advisor
‎2021-10-20 08:25 AM
In response to K_montalvo

Jump to solution

Also want to add that Im able to connect using console VPN from Android without issues, its only using the Endpoint Security Client will try from a personal laptop to connect using the E85.40_CheckPointVPN later since im not able to install since i have to uninstall fist the Endpoint Security. The goal is to have the contractor use the E85.40_CheckPointVPN since were not going to use the Endpoint Security on his Laptop. But for internal users will be using the Endpoint Security Client to use always auto connect to enforce the traffic go through the security gateway when roaming.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-20 08:26 AM
In response to K_montalvo

Jump to solution

What is the main IP of your gateway object?
Is it the external IP or something else?
If it is NOT the externally reachable IP, you'll need to set the relevant IP in the Link Selection setting.

K_montalvo
Advisor
‎2021-10-20 08:34 AM
In response to PhoneBoy

Jump to solution

What is the main IP of your gateway object?-172.16.0.1
Is it the external IP or something else?External IP its reacheable in traceroute from other external network and able to connect using capsule VPN from Android. The issue is at the moment using the Endpoint Security Client,(Will try tonight connecting from the E85.40_CheckPointVPN.
If it is NOT the externally reachable IP, you'll need to set the relevant IP in the Link Selection setting._I Here included the actual configuration, will try defining that link selection soon in lunch break and will let you know.

*Also tried clientless via SSL and did not worked, attached the error:

 

Preview file
4 KB
Preview file
25 KB
Preview file
135 KB
0 Kudos
K_montalvo
Advisor
‎2021-10-20 08:53 AM
In response to K_montalvo

Jump to solution

Disregard the Clientless VPN error i just fix it it was not enable on the properties, i still with the Endpoint Security Client issue. (the hotspot error)

0 Kudos
K_montalvo
Advisor
‎2021-10-20 09:19 AM
In response to PhoneBoy

Jump to solution

@PhoneBoyThe issue was  resolved setting the external public IP in the link selection and removing from "Apply these setting to VPN links option in the ISP redundancy page" now i will continue internal testing and prepare documentation for future references. As always many thanks for your help!

0 Kudos