I'm using a Check Point 5100.
The firewall (IP 192.168.1.254) is connected to Azure via Route based with IP 10.x.x.x/16, with the settings below:
I have 2 sites using def. LAN IP 192.168.1.0/24 and 192.168.2.0. Both sites are interconnected via an IPVPN/MPLS connection.
I created a network group called "MyLocalNetwork" which includes the following networks (192.168.1.0/24, 192.168.2.0/24).
Source: MyLocalNetwork, AzureGW | Destination: MyLocalNetwork, AzureGW | VPN: AzureVPN | Services: Any | Action: Accept | Track: Log
The 2 sites can now access the Azure app via the gateways of 1.0 and 2.0 going to the firewall (IP 192.168.1.254). All users of the 2 sites can access the apps via 10.x.x.x/16 just like a local connection.
Next,
I configured the RemoteAccess community by adding the gateway device to Participating Gateways.
I created users and groups that I will add to Participant User Groups in the VPN RemoteAccess community.
I'm using Office Mode with the Manual IP Pool, which is the CP_default_Office_Mode_Address_Pool (172.16.10.0/24).
I added the CP_default_Office_Mode_Address_Pool (172.16.10.0/24) to the VPN Domain as part of the network.
I created a policy for the remote access.
Source: VPN users, VPN connection | Destination: MyLocalNetwork | VPN: RemoteAccess | Services: Any | Action: Accept | Track: Log
I set up the Check Point Endpoint Security VPN client on another laptop, added the site, and used a username and password. The connection was successful.
I can now access the company network while I'm outside. I can ping the 192.168.1.0/24 and 2.0/24 networks.
The main issue: I can't access the application on Azure while I'm using the VPN outside the office.
I tried to add the CP_default_Office_Mode_Address_Pool (172.16.10.0/24) and the AzureVPN IP (10.x.x.x/16) as part of MyLocalNetwork, but the problem I encountered was that the 2 sites were not able to access the Azure network 10.x.x.x/16. The connection is disconnected.
I checked the logs: Drop
172.16.10.1 was blocked from accessing 10.x.x.1 | encryption failure : Security warning: received a cleartext packet within an encrypted connection
VPN Feature: IKE
Can anyone here help me resolve the issue?
I appreciate your help.
Thank you.
Does your Remote Access encryption domain include the Azure subnet?
This is required to route the traffic through the S2S VPN.
Further, the Azure side must know about the Office Mode subnet.
Yes, the 172.16.10.0/24 is already added to the domain as well as to the Azure side, but there is still no traffic coming from 172.16.10.0/24 going to Azure 10.x.x.x/16.
Once the subnet of Azure is added to the encryption domain, the connection between internal/local connection from the 2 sites will be disconnected.
The VPN client still has no connection and there's no traffic seen coming from 172.16.10.0/24 going to Azure 10.x.x.x/24.
Hi Sparks,
Have you found a solution for that issue?
Regards
Having the same challenge, have you been assisted on this one?