AlexandruD
Contributor

MGMT IP address not accessible via RA VPN

Hello,

Does anyone know why a security gateway would exclude its management IP address from the RA VPN client's routing table?

Case in point, the RA VPN community encryption domain includes the whole 10.0.0.0/8 subnet, yet the 10.0.0.X IP address, which is the management IP address of the security gateway where the RA VPN is terminated, is not included in the connected RA VPN client's routing table. The RA VPN client is Check Point Mobile and uses IPsec to tunnel traffic.

 

Thank you

0 Kudos
6 Replies
the_rock
Legend

I just checked in one of the customers' environments and it works fine, no issues. Can you see what the output of route print from the user's machine is?

Andy

0 Kudos
AlexandruD
Contributor
 

Hi Andy,

Here is a snippet of a connected RA VPN client's provisioned routes. You can see that the routes exclude the specific 10.0.0.252 IP address (which is the MGMT address of the security gateway) from the rest of the routes within the 10.0.0.0/8 prefix. I cannot find any specific configuration for this behavior via SmartConsole, perhaps there might be some parameter I could adjust directly in the DB.

Screenshot 2023-10-10 215138.png

Best regards,

Alexandru

0 Kudos
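
One way to confirm this symptom from a client's `route print` output, as an added example that is not part of the original thread: it keeps the rows bound to the VPN adapter and reports which parts of the encryption domain no tunnel route covers. It assumes the exclusion appears as the /8 split into smaller prefixes that skip the host address, as the post describes; the adapter address 172.16.10.5 and the sample table are constructed.

```python
import ipaddress

def tunnel_routes(route_print, tunnel_ip):
    """Keep IPv4 rows of Windows `route print` whose Interface column
    is the VPN adapter address `tunnel_ip`."""
    routes = []
    for line in route_print.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[3] != tunnel_ip:
            continue
        try:
            routes.append(ipaddress.ip_network(f"{cols[0]}/{cols[1]}"))
        except ValueError:
            continue  # not a destination/netmask row
    return routes

def uncovered(domain, routes):
    """Return the parts of `domain` that none of `routes` covers."""
    gaps = [domain]
    for route in routes:
        remaining = []
        for gap in gaps:
            if gap.subnet_of(route):
                continue                                      # fully routed
            if route.subnet_of(gap):
                remaining.extend(gap.address_exclude(route))  # carve it out
            else:
                remaining.append(gap)                         # disjoint
        gaps = remaining
    return sorted(gaps)

# Constructed sample, not taken from the thread's screenshot.
DOMAIN = ipaddress.ip_network("10.0.0.0/8")      # encryption domain
MGMT = ipaddress.ip_network("10.0.0.252/32")     # gateway MGMT address
TUNNEL_IP = "172.16.10.5"                        # assumed VPN adapter IP
SAMPLE = "\n".join(
    ["0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.50 25"] +
    [f"{n.network_address} {n.netmask} On-link {TUNNEL_IP} 1"
     for n in DOMAIN.address_exclude(MGMT)])

if __name__ == "__main__":
    for gap in uncovered(DOMAIN, tunnel_routes(SAMPLE, TUNNEL_IP)):
        print("not routed into the tunnel:", gap)
```

An empty result means the whole encryption domain is routed into the tunnel; a single /32 gap at the gateway's own address matches the behavior reported here.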
the_rock
Legend

I don't really see anything specific, below is just referred to DNS when people log in via RA.

Andy

 

 

Screenshot_1.png

0 Kudos
AlexandruD
Contributor

Hello,

 

I finally got this working, it took a while for CP support to provide a fix, although a bit complicated for such a simple need:

- automatic MEP topology must be disabled on the gateway, based on sk78180 (it already was disabled in my case)

- disable MEP topology retrieval in the VPN client's configuration, sk92676 (different than the default setting)

 

Screenshot 2023-10-18 220607.png

 

Best regards,

Alexandru

 

the_rock
Legend

Thanks for the update! 👍

0 Kudos
PhoneBoy
Admin

Location Awareness enabled, perhaps?

0 Kudos