staboi
Participant

GRE Tunnel log DROP: Received a cleartext packet within an encrypted connection.

Hi experts,

I created a tunnel between MikroTik and Check Point using a GRE tunnel. It shows that the traffic was dropped with a "Received a cleartext packet within an encrypted connection" warning. One thing that I noticed is that I can't set a tunnel ID in MikroTik as Check Point can. What exactly is the cause of this issue, and how do I troubleshoot it? Any help would be greatly appreciated.

 

Thank you.

0 Kudos
2 Replies
G_W_Albrecht
Legend

Maybe this helps? sk169794: GRE Configuration Guide

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Timothy_Hall
Legend

If you are receiving that message, the firewall believes based on the src/dst IP addresses of the packet that it should have been sent encrypted from a VPN peer but it wasn't.  You will need to adjust your VPN domains such that the firewall does not believe that traffic should have arrived in a VPN tunnel.  The inspection of the packet and determination whether it should have been encrypted happens before the packet is passed to the Gaia OS between inspection points i-I, so it can't even reach the GRE handling in the Gaia OS.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
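
A simplified model of the check described in the reply above, as an added example that is not part of the original thread and is not Check Point's code. It assumes the firewall expects encryption when a packet's source falls in the peer's VPN domain and its destination falls in the local VPN domain; all addresses and domain lists are constructed sample values.

```python
import ipaddress

def matching_entries(ip, domain):
    """Return the VPN-domain entries (CIDR strings) that contain ip."""
    addr = ipaddress.ip_address(ip)
    return [n for n in domain if addr in ipaddress.ip_network(n)]

def audit_gre_endpoints(gre_src, gre_dst, peer_domain, local_domain):
    """Model (assumption): a cleartext packet is dropped when its source is in
    the peer's VPN domain AND its destination is in the local VPN domain."""
    peer_hits = matching_entries(gre_src, peer_domain)
    local_hits = matching_entries(gre_dst, local_domain)
    return {
        "expects_encryption": bool(peer_hits and local_hits),
        "peer_domain_hits": peer_hits,    # entries covering the GRE source
        "local_domain_hits": local_hits,  # entries covering the GRE destination
    }

def without_entries(domain, entries):
    """Return the domain with the given entries removed (the 'adjusted' domain)."""
    return [n for n in domain if n not in entries]

# Constructed sample values (documentation address ranges), not from the thread.
GRE_REMOTE = "198.51.100.10"   # hypothetical MikroTik outer (GRE source) address
GRE_LOCAL = "192.0.2.1"        # hypothetical Check Point outer (GRE destination) address
PEER_DOMAIN = ["198.51.100.0/24", "10.20.0.0/16"]
LOCAL_DOMAIN = ["192.0.2.0/24", "10.10.0.0/16"]

if __name__ == "__main__":
    before = audit_gre_endpoints(GRE_REMOTE, GRE_LOCAL, PEER_DOMAIN, LOCAL_DOMAIN)
    print("before adjustment:", before)

    # Take the entry that covers the GRE source out of the peer's VPN domain.
    adjusted_peer = without_entries(PEER_DOMAIN, before["peer_domain_hits"])
    after = audit_gre_endpoints(GRE_REMOTE, GRE_LOCAL, adjusted_peer, LOCAL_DOMAIN)
    print("after adjustment: ", after)
```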
