fatalXerror
Contributor

IPSec RAVPN: Restrict a Subnet from Connecting to the VPN

Hi Guys,

I have been gathering some helpful information for a while now to address my concern.

I found this thread and followed it, and it does show what I wanted.

https://community.checkpoint.com/thread/7204-restricting-remote-access-by-ipv4-address 

My concern is that I want to restrict a subnet from connecting to the VPN. For example, SUBNET-A should be the only subnet that can connect to my VPN using the Endpoint VPN client. I tried what is in the link in my lab, but I can still connect to the VPN even though my endpoint does not belong to that subnet.

Is this really possible?

Thanks for the help.

3 Replies
G_W_Albrecht
Legend

It is possible - but what is shown in the logs for you?

CCSE CCTE CCSM SMB Specialist
0 Kudos
fatalXerror
Contributor

Hi @Günther W. Albrecht, 

In my logs, I can only see "Key Install" and "Login" logs, but upon analyzing these logs, they pertain to the VPN IP, so the security rules will not take effect. Is my understanding correct?

The above image is a sample; I am connecting to my external zone (sorry, the object naming is incorrect).

How can I restrict a group of users, so that only the group of 10.10.10.0/24 can connect to the VPN?

Thanks in advance.

PhoneBoy
Admin

What, if anything, did you try from the thread you mentioned?

0 Kudos
