Resolving Connectivity Issues
While a few connectivity issues affect VPN between Security Gateways, remote access clients present a special challenge. Remote clients are, by their nature, mobile. In the morning a client may be located within the network of a partner company, and the following evening it may be connected to a hotel LAN or sit behind some type of enforcement or NAT device. Under these conditions, a number of connectivity issues can arise:
- Issues involving NAT devices that do not support fragmentation.
- Issues involving service/port filtering on the enforcement device.
Check Point Solution for Connectivity Issues
Check Point resolves NAT-related connectivity issues with a number of features:
- IKE over TCP
- Small IKE phase II proposals
- UDP encapsulation
- IPsec Path Maximum Transmission Unit (IPsec PMTU)
Check Point resolves port filtering issues with Visitor Mode (the formal name for this is TCP Tunneling).
Other Connectivity Issues
Other connectivity issues can arise, for example when a remote client receives an IP address that matches an IP on the internal network. Routing issues of this type are resolved using Office Mode (see Office Mode).
Other issues, such as Domain Name Resolution involving DNS servers found on an internal network protected by a Security Gateway, are resolved with Split DNS (see Split DNS).