Checkpoint LAN Traffic

Hi Guys

Very recently I installed the Checkpoint Endpoint VPN version E80.50, and when users take their laptops home to try to install their personal printers, the printer install isn't able to detect them on the local LAN. If they don't connect to Checkpoint and then retry the install, it works fine. We're currently checking our internal policies to see if anything could be blocking LAN or pushing LAN traffic through the VPN. It's just weird how it's stopped working.

Any thoughts from the Experts would be appreciated!!
Asked by Rizzle

Aaron Tomosky (SD-WAN Simplified) commented:
Sounds like the "send all traffic" through the VPN is selected.

Rizzle (Author) commented:
Hi Aaron,

The option to send all LAN traffic over the VPN isn't ticked.

Aaron Tomosky (SD-WAN Simplified) commented:
If the VPN is off, and the printer gets installed, does it then work with the VPN on?
Rizzle (Author) commented:
Hi Aaron,

The printer doesn't work when the VPN is turned on, but when turned off it works fine. We believe it may be a conflict in the LAN IP range, as the users' home range is 192.168.1.x and we have a site distributing DHCP using that range. Our 3rd party security experts are looking into it, as that looks like the root cause.

Aaron Tomosky (SD-WAN Simplified) commented:
Yeah, there is no easy way around IP overlap.
A. Your home users need to change to something else.
B. Change your office IP ranges.
C. If your router supports it, you can do "aliases" from a DMZ/VPN type place over to the real office resources. So for example, assign the VPN users an IP in the 192.168.99.x range; that way their gateway is 99.1 and doesn't overlap with the home setup. Then you make static NAT rules so that 99.5 -> 192.168.0.5 for each network resource you need to be available.

This is the basic setup, even though they are talking about a site-to-site VPN:
http://www.seanlabrie.com/2011/applying-a-nat-policy-to-a-sonicwall-vpn-tunnel/
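
The overlap check and the option C alias mapping discussed above, as an added example that is not part of the original thread: it flags VPN-routed networks that collide with the client's home LAN and derives 1:1 static NAT rules by keeping each host's offset inside an alias range. The function names, route list and resource addresses are constructed for illustration; only the 192.168.1.x and 192.168.99.x ranges and the 99.5 -> 192.168.0.5 mapping come from the posts.

```python
import ipaddress

def find_overlaps(local_lan, vpn_routes):
    """Return the VPN-routed networks that overlap the client's local LAN."""
    lan = ipaddress.ip_network(local_lan)
    return [r for r in map(ipaddress.ip_network, vpn_routes) if r.overlaps(lan)]

def alias_for(real_ip, real_net, alias_net):
    """Map a real office host to its alias, keeping the host offset (1:1 NAT)."""
    real_net = ipaddress.ip_network(real_net)
    alias_net = ipaddress.ip_network(alias_net)
    ip = ipaddress.ip_address(real_ip)
    if ip not in real_net:
        raise ValueError(f"{ip} is not inside {real_net}")
    if real_net.prefixlen != alias_net.prefixlen:
        raise ValueError("1:1 NAT needs real and alias networks of equal size")
    offset = int(ip) - int(real_net.network_address)
    return alias_net.network_address + offset

def plan_static_nat(local_lan, real_net, alias_net, resources):
    """Build alias -> real rules; reject an alias range that collides too."""
    if find_overlaps(local_lan, [alias_net]):
        raise ValueError(f"alias range {alias_net} overlaps {local_lan} as well")
    return {str(alias_for(ip, real_net, alias_net)): ip for ip in resources}

# Constructed sample values (only 192.168.1.x and 192.168.99.x are from the thread).
HOME_LAN = "192.168.1.0/24"
VPN_ROUTES = ["10.20.0.0/16", "192.168.1.0/24", "172.16.8.0/22"]
OFFICE_RESOURCES = ["192.168.1.5", "192.168.1.20"]  # hypothetical servers

if __name__ == "__main__":
    for net in find_overlaps(HOME_LAN, VPN_ROUTES):
        print(f"conflict: VPN route {net} overlaps home LAN {HOME_LAN}")
        rules = plan_static_nat(HOME_LAN, str(net), "192.168.99.0/24",
                                OFFICE_RESOURCES)
        for alias, real in rules.items():
            print(f"static NAT {alias} -> {real}")
```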
Rizzle (Author) commented:
We're resolving this internally as we've found the cause.

Rizzle (Author) commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Roshan Ejaz's comment #a40274587

for the following reason:

We figured it out internally.

Aaron Tomosky (SD-WAN Simplified) commented:
Was the cause not IP overlap?