This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rodrigo_Silva
Contributor
‎2020-07-20 10:32 AM
Jump to solution

Delivering reserved IP in the ipassignment file to other users

Hello everyone,
I'm having problems with the ipassignment file.
I created the IP reservation for some users, but other users are receiving the reserved IP, and when users with reserved IPs will connect, it gives an error message saying that it was not possible to obtain an IP address.
Does anyone have any ideas how to solve this problem or where to see ipassignment logs?
Thank you in advance.

IP.png

2 Solutions

Accepted Solutions
Rodrigo_Silva
Contributor
‎2020-07-27 07:18 AM
In response to PhoneBoy
Jump to solution

The configuration was correct according to sk33422.
I had reserved random IPs, and according to my support team I was instructed to reserve IPs at the beginning or end of the range, and replace the gategay address with *.
My setup looks like this and apparently it's working right now.

################################
### Gateway Type IP Address User Name ###
################################
* addr 172.16.0.254 user1
* addr 172.16.0.253 user2
* addr 172.16.0.252 user3
* addr 172.16.0.251 user4
* addr 172.16.0.250 user5
* addr 172.16.0.249 user6

Thank you all

View solution in original post

Rodrigo_Silva
Contributor
‎2020-08-13 10:42 AM
In response to Rodrigo_Silva
Jump to solution

We continue to have the same problem.
According to sk116603 reserved ips cannot be in the range delivered in office mode.
We created a new range for reserved ips and now we have no more problems.
Thank you all

View solution in original post

0 Kudos
11 Replies
MartinTzvetanov
Advisor
‎2020-07-21 06:42 AM
Jump to solution

Print a sample of your ipassignment.conf 

G_W_Albrecht
Legend Legend
Legend
‎2020-07-21 07:13 AM
Jump to solution

If you have carefully follower configuration examples in Remote Access VPN Administration Guide R80.20 p.58ff, logs will be helpfull:

In clients VPN Options > Advanced Tab, enable Logs. Replicate the issue on the client successfully noting the exact time and click on Collect Logs. Wait a while and the compressed logs will be shown. Disable logging and review the logs in trac.log e.g. using search for GW IP. Full debugs are found here: sk95486: How to debug Endpoint Client connection issues

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin
‎2020-07-21 07:33 AM
Jump to solution

If you assign a given user an IP address make sure it is impossible for any other user to be assigned this address.
This means making sure that IP is NOT in the general pool of users.

Rodrigo_Silva
Contributor
‎2020-07-27 07:18 AM
In response to PhoneBoy
Jump to solution

The configuration was correct according to sk33422.
I had reserved random IPs, and according to my support team I was instructed to reserve IPs at the beginning or end of the range, and replace the gategay address with *.
My setup looks like this and apparently it's working right now.

################################
### Gateway Type IP Address User Name ###
################################
* addr 172.16.0.254 user1
* addr 172.16.0.253 user2
* addr 172.16.0.252 user3
* addr 172.16.0.251 user4
* addr 172.16.0.250 user5
* addr 172.16.0.249 user6

Thank you all

MartinTzvetanov
Advisor
‎2020-07-28 03:05 AM
In response to Rodrigo_Silva
Jump to solution

Capture.JPG

What is your config?

0 Kudos
Rodrigo_Silva
Contributor
‎2020-07-28 05:31 AM
In response to MartinTzvetanov
Jump to solution

 

ipassignment.JPG

 

ip2.JPG

 

0 Kudos
Christian_Koehl
Collaborator
Collaborator
‎2020-07-28 07:23 AM
In response to Rodrigo_Silva
Jump to solution

You are doing radius authentication. Have you check the office mode with a local user on the firewall before switching to radius? If not, does it work with a local user?

0 Kudos
Rodrigo_Silva
Contributor
‎2020-07-28 10:27 AM
In response to Christian_Koehl
Jump to solution

I haven't tested it with a local user, only via radius.

0 Kudos
Rodrigo_Silva
Contributor
‎2020-08-13 10:42 AM
In response to Rodrigo_Silva
Jump to solution

We continue to have the same problem.
According to sk116603 reserved ips cannot be in the range delivered in office mode.
We created a new range for reserved ips and now we have no more problems.
Thank you all

0 Kudos
VIKASH_GIRI
Contributor
‎2025-04-18 05:50 AM
In response to Rodrigo_Silva
Jump to solution

we tried and its worked..thnks for ur post

0 Kudos
Jasvijay
Explorer
‎2021-09-28 06:57 AM
Jump to solution

Had same issue, but creating a new pool for a handful of users with reserved IP was not an option for us, What I ended up doing is using the group and range command to ensure users whose ip we dont care about are picked from the range(ex. 192.168.0.1-192.168.0.200) and the reserved IP's are set per user starting from back 254..253... and so on.

# Miami          range  100.107.105.110-100.107.105.119/24        Finance 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events