AnsweredAssumed Answered

Clients from another LAN can't reach server from another LAN

Question asked by Darius Manabat on Jan 4, 2019
Latest reply on Jan 10, 2019 by Chris Atkinson

I have a question about Site-Site VPN, and my concern is that the client computers from LAN_A could not access the server from LAN_B (RDP protocol).

 

VPN Community

Type: Star

Name: Asia

Center Gateways: fw-HongKong

Satellite Gateways: fw-Indonesia (LAN_A) and fw-Malaysia (LAN_B)

VPN Routing- To center and to other satellites through center

 

fw-HongKong

Gateway: Checkpoint 2200

Version: R77.30 Build 204

 

fw-Indonesia

Gateway: Checkpoint 1450

Version: R77.20

 

fw-Malaysia

Gateway: Checkpoint 1100

Version: R77.20

 

Keep in mind that above gateways are also a satellite gateways of another VPN Community (Star) which is Global. Upon checking the SmartLog, I noticed that the traffic is trying to encrypt in HQ gateway which is part of the Global Community, and is being dropped. I want to know how the traffic can be routed to the Center gateway in Asia (which is fw-HongKong) and reach the server in LAN_B which is behind fw-Malaysia gateway.

 

I already added the required rule in the destination Policy but it still failing, I guess the traffic is routed to the Center gateways in Global Community? Any ideas what to check?

 

Thanks for the time in reading from a newbie

Outcomes