This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
morris
Contributor
‎2022-03-16 02:35 AM

DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB

Hey guys,

we are currently doing some PoC-stuff and started to have some issues regarding dhcp-relay.

Setup:

  • centrally managed DAIP-SMB
    • WAN-Port configured as Internet
      • DHCP behind DSL-Router (DSL-Router is Gateway for SMB)
      • 192.168.x.x
    • LAN1-Switch has 10.x.x.1/24
  • Management reachable through static-NAT on central Gateway 

We configured everything described in this article. And its working!

If SMB is DHCP-Server for LAN1-Switch, all devices connected to LAN1-Switch can connect to central network.

 

We observe that logs of tunnel_test are either between
Cluster-GW -Public-IP <-> DAIP from DSL Router
or
WAN-Port-Address-192.168.x.x <-> Cluster-GW -Public-IP

 

If we configure dhcp-relay for LAN1-Switch the SMB uses its WAN-Port-Address-192.168.x.x. But we expect to use its LAN1-Switch address 10.x.x.1.

Also if we connect via ssh or serial console to 10.x.x.1 and ping devices on central site, it uses 192.168.x.x instead of 10.x.x.1 

 

Did we miss something in the configuration or is this working as designed? Do you have some clue to solve this?

Regards,
Morris

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2022-03-18 09:54 AM

I would assume we'd be using the IP of the interface nearest to the destination, which in this case would be the 192.168.x.x address.
As such, I expect this is working as designed.

0 Kudos
Dan_Cannon
Contributor
‎2022-05-21 04:54 AM

Under device, Advanced settings there is an option "DHCP Relay - Use internal IP addresses as source".  Set this to true and this will fix the issue...

 

0 Kudos