I now have a large number of remote users that are using a Check Point Secure Client VPN connection into the office. These users also need access to network resources attached to their local router/hub (network storage and network printer). Is there any way that the client (Windows 7 or XP) can be configured to bypass the VPN for local addresses (192.*)?
Home workers requiring simultaneous office VPN and local network access
checkpointvpn
Related Solutions
The issue will be that the netgear will assume that you are connecting to its WAN interface and VPNing to its LAN interface. In order to accomplish what you are trying to do, you will need to put the netgear between the internet and the dlink or the dlink and the network. Or simply replace the dlink with the netgear.
The more complicated explanation is that the VPN tunnel is created on the LAN side of the router. But the IPSec part of the communications tunnel is expected to originate from the WAN side of the router. So it is unable to create a tunnel on the same network it is trying to connect to.
It's quite standard for VPN clients to not get an IP address actually belonging to the VPN server's internal network; they are assigned an address in a subnet specifically defined for VPN clients, so that the server can act as a firewall and enforce traffic control between the VPN clients and the internal network.
For this to work, you need three things:
- The VPN server must act as a router.
- The VPN client should either use the VPN as its default gateway, or have a static route (defined manually or supplied by the VPN server) that tells it how to reach the internal network via the VPN connection.
- Last but not least, if the VPN server acts as a firewall and enforces traffic control, it should actually allow the VPN client to talk to the internal network (possibly only on some specific addresses/ports).
In the case of Windows' RRAS, this means:
- Enable LAN routing together with VPN access.
- Configure the VPN clients to use the VPN as their default gateway (this is the default setting, BTW; it's in the advanced TCP/IP properties of the VPN connection); or, if you don't want all the client traffic to flow through the VPN, manually define a static route or find a way for the VPN server to supply it to the client (which is, unfortunately, quite a bit more difficult than it should be).
- Lastly, just don't care about the firewall issue, because Windows' RRAS isn't a firewall and will just let everything flow through it.
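The routing choice described in the answer above, as an added example that is not part of the original posts: a longest-prefix-match lookup showing which interface carries each destination when the VPN is the default gateway versus when only a static route to the office is defined. All networks, metrics, interface names and destinations are constructed assumptions.

```python
import ipaddress

# Constructed example networks (assumptions, not from the original posts):
#   home LAN 192.168.1.0/24, office network 10.20.0.0/16, VPN client pool 10.99.0.0/24
HOME_LAN, OFFICE, VPN_POOL = "192.168.1.0/24", "10.20.0.0/16", "10.99.0.0/24"


def build_routes(split_tunnel):
    """Return the client's route table as (network, interface, metric) tuples."""
    routes = [
        (HOME_LAN, "lan", 10),     # on-link: local printer and storage
        (VPN_POOL, "vpn", 10),     # on-link: the VPN client subnet
        ("0.0.0.0/0", "lan", 50),  # default route via the home router
    ]
    if split_tunnel:
        # Static route: only the office network goes through the tunnel.
        routes.append((OFFICE, "vpn", 10))
    else:
        # VPN as default gateway: a better-metric default route via the tunnel.
        routes.append(("0.0.0.0/0", "vpn", 5))
    return [(ipaddress.ip_network(n), iface, m) for n, iface, m in routes]


def pick_interface(routes, dest):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def trace(split_tunnel):
    """Map three constructed destinations to the interface that carries them."""
    routes = build_routes(split_tunnel)
    dests = {"printer": "192.168.1.50", "office": "10.20.5.10", "internet": "203.0.113.10"}
    return {name: pick_interface(routes, ip) for name, ip in dests.items()}


if __name__ == "__main__":
    print("default gateway on VPN:", trace(split_tunnel=False))
    print("static route to office:", trace(split_tunnel=True))
```

In both tables the home /24 stays on the LAN interface because it is the most specific match; what changes is internet-bound traffic, which no longer passes through the office when only the static route is used. A VPN client that filters local traffic in addition to setting routes is not modelled here.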
Best Answer
Same, not sure about checkpoint, but in Cisco vpn client settings there is an "allow local lan access".