- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- you cannot receive an office mode ip address at th...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you cannot receive an office mode ip address at this time.
hello
We have upgraded from R80.30 to R81 everything seems fine, but on Remote Access VPN we have periodic connection failures for several users and they have next error: “Connection Failed You cannot receive an office mode IP address at this time…” there is screen also.
we noticed that, problem appears to users which had unexpectedly disconnected from VPN for several various reasons.
And that’s why problem repeats every day with several various users (5 to 10 users by day), also 2-3 same users too.
At this point we are resolving this 5-10 issues by changing ip addresses in ipassignment.conf file for problematic users. Also for troubleshooting purposes I have returned old ip to user after several minutes but same error appeared.
it seems as if there is problem with tunnel for user also problem is resolved by resetting tunnel but in most cases session disappears in "tunnel and user monitoring" view so I cant reset it and I am forced to change ip address in ipassignment .conf file and access policy too for each user.
we are assigning ip addresses to vpn users only via ipassignment.conf file. Also we have edited $FWDIR/conf/trac_client_1.ttm file according to our needs. And this configurations worked for us fine on R80.30 and we think that this settings should be okay with R81 also.
please share your experience, I have already opened case but still waiting for response.
Respectively,
George Tsanava
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A fix is ready, fw1_wrapper_HOTFIX_R81_JHF_T36_752_MAIN_GA_FULL - at our customers it did resolve the issue !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fix is included in Ongoing Jumbo Take 44 : https://community.checkpoint.com/t5/Product-Announcements/R81-Jumbo-Hotfix-Accumulator-New-Ongoing-t...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is definitely going to require TAC assistance.
That said, it is one of the limitations of using ipassignment.conf to assign a specific user a specific address.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
At least two TAC tickets are currently open for this issue...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One of our partners has the same issue with a lot of customers - issue started after installing R81 JT 36 ! So to resolve this issue, you would have to uninstall JT 36 and go back to JT 29. This can be replicated very easily, but although a SR# is open since 17.8., no solution was found yet.
Workaround is to remove the IP from om_assigned_ips...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you share the SR# in a private message so i can point it out to CP ?
kind regards,
--
Guenther Albrecht
Arrow ECS Internet Security AG A-1100 Wien, Wienerbergstrasse 11
Tel: +43 1 370 94 40 325 Fax: +43 1 370 94 40-33
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes I have sent it to you in PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had that exact same error with one customer and it turned out to be a license. Im not saying thats the case with you, but maybe worth checking.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Usually, the error could also be a licensing issue. But if all had been working as expected until JT 36 was installed, this is simply a bug 8)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes it looks like bug. licensing was checked very first, its not about that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you for the information 😀
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am Idan Tsarfati, R&D VPN group manager.
Thanks for letting us know about this issue - we investigated it and found out that there is a bug in this take which related to the mentioned configuration file.
We have a fix for this issue, so you can contact me in order to get it.
A WA is to remove the user from the configuration file.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A fix is ready, fw1_wrapper_HOTFIX_R81_JHF_T36_752_MAIN_GA_FULL - at our customers it did resolve the issue !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes fix resolved our case. thanks to all Checkpoint Staff Members who worked on it ❤️
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fix is included in Ongoing Jumbo Take 44 : https://community.checkpoint.com/t5/Product-Announcements/R81-Jumbo-Hotfix-Accumulator-New-Ongoing-t...
