IPSec Remote VPN DNS cannot resolve local hosts
Dear mates,
I have an issue that applies to one user only. It has to be related to something specific to his endpoint, but I can't find out what it is.
When he connects with the IPSec client, even though nslookup resolves the domain name to its IP address, he can't ping the web app or browse to it.
The issue is fixed if an entry is added to /etc/hosts.
I ran Wireshark on the endpoint and verified that DNS queries are sent to the IPsec tunnel interface.
Our GWs are R80.10 (Cluster) and IPSec client version E83.10 Build 986101816.
Thank you.
R80.10 is End of Support, highly recommend upgrading to a supported release.
We have got extended support from Check Point.
Hi there,
We started seeing this same behavior a couple of months ago. We are running R81 and Endpoint client R86.30 and 80 (tried to resolve but didn't). A bunch of users will be connected to the corporate VPN and all of a sudden they can no longer connect to an internal host via DNS, all the while others are connecting to the same host successfully when they try. It may not be all the hosts that are unreachable. I suspect cache is influencing this.
At cmd, nslookup can resolve the name, say target.corp.ca, and identifies the internal corporate DNS server as its source. Looking at the DNS cache does not show an entry for target.corp.ca; this was done through PowerShell using the "Get-DnsClientCache|findstr target.corp.ca" command. Trying ping target.corp.ca gets no response. The VPN tunnel is up and working with no issues from what we can tell. Now this gets stranger, as a few different actions seem to restore service:
1) Wait a while and the problem goes away.
2) Disconnect from the VPN and then reconnect. Some success.
3) Reboot the laptop, in this case.
I have read in various articles that Win10 behaves in such a fashion that it will blast all DNS requests out every interface that has a DNS server configured in the interface settings (either manually or automatically). I have a case open with TAC and they are thinking that the Internet DNS servers are responding faster over the WiFi adapter than the replies from the Check Point VNA (Virtual Network Adapter), which has the internal DNS servers defined. Changing interface metrics did not seem to work for us. Packet capturing is confirming that replies are coming from internals. I should mention that we are split-tunneling. Apparently if we weren't split-tunnelled the problem would go away. Not practical in our age right now. Still somewhat at a loss like @SdanteMate. We have been running the VPN client for over 2 years now and only recently came across this behavior. We moved our clients to new R81 firewalls back this spring and are only hearing of this issue in the last couple of months.
Cheers
Jacques
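A per-adapter DNS check along the lines Jacques describes, added here as an example and not code from the thread or from Check Point: it queries the name through every adapter's configured DNS servers so the answer (or NXDOMAIN) from the WiFi-side Internet resolver can be compared with the one from the VNA-side internal resolver, then shows what the resolver cached and any NRPT rule for the suffix. It assumes Windows 10 with the DnsClient module; target.corp.ca is a constructed placeholder.

```powershell
# Added diagnostic: which adapter's DNS server answers what, and how fast.
# Hostname is a constructed placeholder taken from the post.
param([string]$Name = "target.corp.ca")

# Interface metric is what Windows uses to order multi-homed DNS servers.
$metrics = @{}
Get-NetIPInterface -AddressFamily IPv4 |
  ForEach-Object { $metrics[$_.InterfaceIndex] = $_.InterfaceMetric }

$results = Get-DnsClientServerAddress -AddressFamily IPv4 |
  Where-Object { $_.ServerAddresses.Count -gt 0 } |
  ForEach-Object {
    $alias   = $_.InterfaceAlias
    $ifIndex = $_.InterfaceIndex
    foreach ($server in $_.ServerAddresses) {
      # Ask this specific server directly, bypassing the local cache.
      $sw = [System.Diagnostics.Stopwatch]::StartNew()
      try {
        $answer = Resolve-DnsName -Name $Name -Server $server -Type A -DnsOnly -ErrorAction Stop
        $ips    = ($answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }) -join ','
        $status = 'OK'
      } catch {
        $ips    = ''
        $status = $_.Exception.Message   # e.g. name does not exist (Internet resolver)
      }
      $sw.Stop()
      [pscustomobject]@{
        Interface = $alias
        Metric    = $metrics[$ifIndex]
        Server    = $server
        Status    = $status
        Answer    = $ips
        Ms        = $sw.ElapsedMilliseconds
      }
    }
  }

# Lowest metric first, fastest reply first: the top row is the likely "winner".
$results | Sort-Object Metric, Ms | Format-Table -AutoSize

# What the stub resolver actually cached for this name, if anything.
$cached = Get-DnsClientCache -Entry $Name -ErrorAction SilentlyContinue
if ($cached) { $cached | Select-Object Entry, Data, TimeToLive | Format-Table -AutoSize }
else { Write-Host "No DNS client cache entry for $Name" }

# An NRPT rule pins a suffix to given servers regardless of adapter order.
Get-DnsClientNrptRule |
  Where-Object { $_.Namespace -and ($Name -like "*$($_.Namespace)") } |
  Format-Table Namespace, NameServers -AutoSize
```

If the Internet-facing server returns a name-does-not-exist error and that row sorts first, the resolver race the TAC case describes is confirmed for that host; an NRPT rule for the internal suffix is the usual split-tunnel fix to test.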
Check if the Endpoint Client is getting an IP address assigned by Office Mode.
Yes, it did.
Logically, if it's one user, then it's certainly not an issue on the gateway side. Maybe compare trac.config files.
