Hello,
The correct answer is the one proposed Al789789: ( Set specific VPN domain for communities), is not listed on the options.
The closest is the D (Network Access VPN Domain). Let me explain you why:
To pass throug the VPN tunnen from a remote connection, you have to:
- Create a group with the the local and remote subnets of the VPN tunnel;.
- Add the group to the VPN domain of the "RemoteAccess "community.
- Add the Office Mode subnet (CP_default_Office ...) to the local VPN domain to avoid getting the following log :
'Encryption Failure: according to the policy the packet should not have been decrypted'
- Authorize the Office Mode subnet, on the remote gateway because the packets finished in the cleanup rule of the remote gateway.
Everything has been successfully tested on my lab
I added a comment about the 2 lasts steps to the following CheckMates page:
https://community.checkpoint.com/t5/Remote-Access-VPN/route-office-mode-through-Ipsec-tunnel-site-to-site/td-p/78063
A very, very strange question. The correct answer is Set specific VPN domain for communities. I suppose it is A option.
https://community.checkpoint.com/t5/Remote-Access-VPN/route-office-mode-through-Ipsec-tunnel-site-to-site/td-p/78063
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
tsirgogik
Highly Voted 3 years, 1 month agoahmnaw
2 years agopatones
Most Recent 6 months agoAmathai1803
2 years, 8 months agoAl789789
3 years, 2 months ago