Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

Remote Access VPN multiple pools and IP assignment

Dear All,

 

I actually have a R80.20 cluster with 2 gateways. 

 

All employees are allowed to have a remote access using  Checkpoint Mobile. 

When they do so, they get a 172.16.10.0/23 address.

 

First problem : 

I wanted to allocate few IP addresses in this range. I did it by modifying the ipassignment.conf file .

In the beginning it was working fine. But, I then realized the IP address was given to another employee who has connected earlier in the day...how is it possible to overwrite the reservation like that ? 

 

Second problem : 

I decide to allocate static IP address for the concerned users in another subnet (let's say 10.x.x.x/24), so that I'm not bothered by the first problem.

The problem is, as soon I'm connected by VPN with the new IP address I set, I get disconnected 30 seconds later .

In the logs, I can see that my traffic  links with the external interfaces but all the packets get dropped with "Address spoofing" error message. In fact, my traffic isn't listed as "VPN" feature. 

 

How could I fixe one or both problems ? 

 

Thanks in advance, 

 

 

0 Kudos
Reply
2 Replies
Highlighted
Admin
Admin

If you want to assign a specific user a specific IP, it cannot be in your general Office Mode range, at least as I understand it.

0 Kudos
Reply
Highlighted
Contributor

First problem:

Networks in ipassignment.conf must be different than the Office mode network. 

 

Second problem:

You have to add the network that you give for VPN users in the SmartConsole->GW options->Network Management->your external interface, facing VPN users->Modify topology->Don't check packets from, or just disable anti-spoofing on the external interface (not so secure).

 

 

0 Kudos
Reply