This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kryten
Collaborator
3 weeks ago

Log shows VPN Client with LAN IP instead of office mode IP

Hi Mates!

we got a strange case here where I was inable to find any fitting iformation about so far. Maybe someone here has seen something similar?

My customer has a lot of RA VPN Clients and one of them has a problem at the moment, where we don't know what to do about. Since its affecting one of many, we suspect a problem at the remote end, but we would like to be sure about that.

The client can connect to RA without issues, but is not able to access the allowed services after that anymore. At first we thought we might have a problem with identities sourced from RA VPN (we had an issue there a while back), as the Logs did not show the clients identity after the authentication and all the rules are based on access roles/user identities. We then noticed the source IP that is shown in the Logs: Its not the office mode IP but the LAN IP of the client.
We then had the client generate some logs for us and in those we can see that the client is getting an office mode IP.

So the client can connect and gets an office mode IP assigned correctly, but then for some reason connections are made with the LAN IP as source. (At least that is what SmartConsole Logs are showing, we still need to confirm this with a tcpdump).

 

Any idea what could be causing this?

 

 

Best Regards,

Alex

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee
3 weeks ago

Which Endpoint VPN client version is used by the effected device?

Does the machine have both Wired and Wireless connections and how do those addresses compare against things like:

- gateways encryption domain

- location awareness settings/policy

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
3 weeks ago

Did this ever work? Just one user with the issue?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events