the_rock
Legend

Office mode DHCP method failure

Hey guys,

Just wondering if there might be something simple missing for office mode failing with DHCP server method IP allocation. We even replicated this in the lab (on R82, mind you), though the customer is on R81.20 jumbo 92.

We followed the steps below, but no luck.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-...

When we try in the lab, it simply says "Connection failed. you cannot receive office mode IP address at this time, try to connect again"

There is an sk on the support site about this exact error, but all it says is that it's fixed in certain versions, which the customer is on anyway.

Any clue what might be the fix? I even verified the connection in the lab back and forth from the DHCP server, tried a different VIP, no joy.

Tx as always! I attached some screenshots for this as well.

Andy

0 Kudos
6 Replies
AkosBakos
Leader

Hi Andy,

As I see everybody is in Vienna on CPX25 🙂

Akos

----------------
\m/_(>_<)_\m/
(1)
the_rock
Legend

Been some time since I been there 😉

Hope everyone is well brother.

Andy

0 Kudos
the_rock
Legend

I did also try below things:

-rebooted the fw

-deleted/re-created the site

-completely reconfigured vpn blade from scratch

For what it's worth, though not sure it would matter much here, my lab is R82 standalone, but the customer has an R81.20 distributed environment (mgmt + ClusterXL)

Andy

0 Kudos
the_rock
Legend

Also, not sure what to make of the logs below, as I'm simply testing a local user, which appears to be authenticated, but just can't get an IP address. I may do some captures on the DHCP server tomorrow and see why that is...

Andy

**********************************

 

[Expert@R82:0]# vpn debug trunc
[Expert@R82:0]# vpn debug ikeon
[Expert@R82:0]# vpn debug ikeoff
[Expert@R82:0]# grep -i andy $FWDIR/log/vpnd*
[Expert@R82:0]# grep -i andy $FWDIR/log/ike*
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:02] fetch_user_wrapper_cb: got cached username: andy, going to check object is still the same
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:02] GetUserCnFromDn:: illegal DN given as user name andy
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:02][tunnel] IkeSAFromState: User andy saved
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:02][tunnel] InitXAuthSendLast: Message: User andy authenticated by FireWall-1 authentication
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:02] fetch_user_wrapper_cb: got cached username: andy, going to check object is still the same
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:07][tunnel] dhcp_bind_callback: Could not bind an IP address for user andy
[Expert@R82:0]#

0 Kudos
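
Added example, not part of the original post and not Check Point tooling: an awk filter for the iked*.elg line format shown in the excerpt above. It pairs each dhcp_bind_callback failure with the same user's last XAuth success and reports the gap, which helps line the gateway log up against a capture on the DHCP server. The function names and the user "bob" are constructed for illustration, and the line format is assumed from the posted excerpt only.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample: two lines in the shape of the grep output above, plus an
# invented user "bob" who authenticates and has no bind failure.
sample_elg() {
cat <<'EOF'
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:02][tunnel] InitXAuthSendLast: Message: User andy authenticated by FireWall-1 authentication
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:03][tunnel] InitXAuthSendLast: Message: User bob authenticated by FireWall-1 authentication
/opt/CPsuite-R82/fw1/log/iked2.elg:[iked2 16955 4072612352]@R82[5 Feb 22:55:07][tunnel] dhcp_bind_callback: Could not bind an IP address for user andy
EOF
}

# Reads iked*.elg lines (raw or grep-prefixed) on stdin. For every Office Mode
# DHCP bind failure, prints the user, the last XAuth success seen for that
# user, the failure time, and the gap in seconds between the two.
om_dhcp_failures() {
  awk '
    # "HH:MM:SS" to seconds since midnight
    function secs(t,  p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    # First HH:MM:SS that is followed by "]", i.e. the log stamp
    function stamp(s) {
      return match(s, /[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\]/) ? substr(s, RSTART, 8) : ""
    }
    { sub(/[ \t\r]+$/, "") }                      # tolerate CRLF and padding
    /InitXAuthSendLast: .*User [^ ]+ authenticated/ {
      match($0, /User [^ ]+ authenticated/)
      auth[substr($0, RSTART + 5, RLENGTH - 19)] = stamp($0)
      next
    }
    /dhcp_bind_callback: Could not bind an IP address for user [^ ]+$/ {
      match($0, /for user [^ ]+$/)
      u = substr($0, RSTART + 9, RLENGTH - 9); t = stamp($0)
      if (u in auth) {
        d = secs(t) - secs(auth[u])
        if (d < 0) d += 86400                     # session crossed midnight
        printf "%s auth=%s bind_fail=%s delta=%ds\n", u, auth[u], t, d
      } else {
        printf "%s auth=- bind_fail=%s delta=-\n", u, t
      }
    }
  '
}

# Print the report when run as a script; on a gateway, feed it the real logs:
#   cat $FWDIR/log/iked*.elg | om_dhcp_failures
sample_elg | om_dhcp_failures
```
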
G_W_Albrecht
Legend

https://support.checkpoint.com/results/sk/sk116957 ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend

Thank you, will check the scenarios later.

Andy

0 Kudos
