Checkpoint routing

[ArcUser]

Hi,

We recently deployed a new data switching arrangement and to increase the number of ip address avaliable to us we created 2 vlans 1 for servers and the 2nd for the lan pc's. Since doing this we now cannot vpn to the lan machines only the stuff on the server vlan which retained the previous ip settings. Question is how can I change the config to allow vpn session to get into the 2nd vlan?

 

[leedsit]

Hi,

Whats Smart Tracker stating the reason for now allowing you to VPN to the New VLAN, is it Droping? Antispoofing reasons???

Lee

LEEroy
MCNE6,CCNA2,CWNA, Project+

 

[ArcUser]

I dont know what smart tracker is ? We have an old version of FW1 is smart tracker an NG application ? I believe the version is 4.1... its about 4 years old now.

 

[watchguardmonkey]

add the new VLAN IP's to the VPN encryption policy rules or encryption domain if you have created one .

 

[ArcUser]

We have a rule that states "support users" ANY to ANY so I would have thought that that would do it ?

 

[FWHATER]

You may have covered this already, but are you sure the ports the pc's are on are associated with the correct vlan ?

 

[ArcUser]

The VLANS seem fine the problem is that when using VPN from the internet to my Internal network and 2nd VLAN I cannot see any of the devices connected to it...

 

[watchguardmonkey]

try being more specific in your rule, ANY to LAN where the LAN includes the 2 VLANS networks, make sure that the routing for both VLANS is out of the ethernet interface on the FW.