This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
svori
Collaborator
Collaborator
‎2023-10-26 11:22 AM
Jump to solution

Remote access users access resources behind site to site tunnel

Hi,

 

I am trying to solve an issue where i need remote access users to be able to connect to resources behind a site to site tunnel.

Remote users connect to on premises Check Point cluster (R81.20 Take26) using Check Point Mobile client and can access resources in on premises datacenter.

But they also need to access resources that is located on the other end of an site to site tunnel.

I saw the Remote Access community, but i cannot add this interopable device there. I suspect it must be an Check Point host for that.

What can be done to enable routing between these two vpn domains ?

Preview file
25 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-10-27 09:44 AM
In response to svori
Jump to solution

These are gateways that directly terminate Remote Access connections.
What you need to modify is the Remote Access Encryption Domain, which is modified in the Gateway object:

image.png

The object referred to here should be a group object that includes both your local IP addresses (i.e. your local encryption domain) and the remote IP addresses you wish to be accessible (i.e. the remote encryption domain).

View solution in original post

4 Replies
PhoneBoy
Admin
Admin
‎2023-10-26 01:55 PM
Jump to solution

You don't add the Interoperable Device, but you add the networks behind that device to the Remote Access Community.

0 Kudos
svori
Collaborator
Collaborator
‎2023-10-26 11:24 PM
In response to PhoneBoy
Jump to solution

Hi,

The RemoteAccess community only has two options:

Add participating gateway and Participating User Groups

So i do not know where i should add these networks ?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-27 09:44 AM
In response to svori
Jump to solution

These are gateways that directly terminate Remote Access connections.
What you need to modify is the Remote Access Encryption Domain, which is modified in the Gateway object:

image.png

The object referred to here should be a group object that includes both your local IP addresses (i.e. your local encryption domain) and the remote IP addresses you wish to be accessible (i.e. the remote encryption domain).

svori
Collaborator
Collaborator
‎2023-10-30 01:14 AM
In response to PhoneBoy
Jump to solution

Thank you Phoneboy 🙏 appreciate your help 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events