This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
uws4ks
Explorer
‎2024-07-02 06:29 AM

Nat Loopback issue

Hi Everyone 

I have a question for the experienced people here.

I have a VPN installed on my workphones which works perfectly from remote networks.

But it doesn't work on the same network in the office where the server is installed.

I have been led to believe that a Nat Loopback needs to be configured for the devices to connect via VPN on the same local network as the Server.

Anyone who may have done this or knows how I need to configure the NAT loopback ?

For Example, Server's External IP is 1.1.1.1, its internal IP is 192.168.1.51

The Devices get their IP via DHCP from 100 and above in this range.

 

0 Kudos
8 Replies
Lesley
Authority Authority
Authority
‎2024-07-02 01:14 PM

Are the clients and server in the same 192.168.1.X network? What is the subnet?

Why VPN is enabled if they are in the office? If users are connected via VPN it will change the local routing table.

Also it could be related to DNS. With or without you could different DNS output for the server you want to reach unless you try to connect it via IP. 

I don't think the loopback will fix anything

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
uws4ks
Explorer
‎2024-07-03 04:42 AM
In response to Lesley

Yes, clients are in the same IP range. 

So the VPN is used for the Clients to make secure calls with each other. 

One client can be in the office and another client can be somewhere else and when they are connected with a VPN they can have a secure conversation. But for example, Client 1 is in the office and is connected with Wi-fi, the IP range is for example 192.168.131.x with a net mas 255.255.255.0. Where the server has an internal IP for example 192.168.131.31. The wireless devices get their IPs by DHCP from 100 and above. So when the Client is in the Office and his device gets an IP 192.168.131.101 for example it won't connect with the VPN of course. I'm looking for a solution if there is any for this issue. This is how they have had their network set up and they don't want to change it. Since they are a small company they want to have everything in this range. There may be several answers and solutions for this, so I'm open to receive you knowledge on this matter and want to thank you for taking your time to help.

 

0 Kudos
the_rock
Legend
Legend
‎2024-07-02 05:00 PM

When you say same network in the office where server is installed, can you clarify? To me, that insinuates testing the VPN inside the network, which would defeat the purpose.

Unless I totally misunderstood...apologies in that case.

Best,

Andy

0 Kudos
uws4ks
Explorer
‎2024-07-03 04:49 AM
In response to the_rock

Hi Andy , 

So the VPN is used for some phones to be connected through and to talk to each other in a more secure way.

They work perfectly remotely, but the issue is that the company is so small and they use the same IP range for everything , there are no subnets or anything. So for example The Server has an internal IP of 192.168.131.31 and the phone has an IP of 192.168.131.111. The phone won't connect to the VPN so it won't be able to talk to another partner who is on field duty via the secure line. I hope this clarifies it more and what is the best solution in this case , without making big changes on the system. All they want now is when they are connected to the Wifi in the office for their VPN to work.

0 Kudos
the_rock
Legend
Legend
‎2024-07-03 05:36 AM
In response to uws4ks

K, sorry, not trying to be pain in the a** as they say (lol), but, do you happen to have basic network diagram of this? You can even scribble something on piece of paper, take picture, and upload. I just want to make sure I understand this 100% properly.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-07-03 09:31 AM
In response to uws4ks

K, no clue if this is right, but this is what I understand...

Andy

 

Screenshot_1.png

0 Kudos
uws4ks
Explorer
‎2024-07-03 11:39 PM
In response to the_rock

Yes pretty much this is. I know it goes against what VPN,

But,can I somehow route the traffic to connect them via VPN.

 

0 Kudos
emmap
Employee
Employee
‎2024-07-03 11:49 PM

What VPN client are you using?

What is the VPN gateway?

What is the IP range given to VPN connected clients? 

How does the secure call routing work (and why doesn't it work without the VPN connected when in the office?)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events