saitoh
Advisor

IP pool Source NAT issue R82.10 L2TP + IPsec

Hi experts,

 

Env:

CP3950 clusterXL R82.10 jumbo take 22

VM management server R82 jumbo take 44

 

I tested the CP3950, and L2TP users cannot access internal resources once the VPN connection is established.

I migrated all visible configuration from the actual environment, including the database of the management server, to two CP3950s and a VM management server.

The original product environment provides a wide range of availability with L2TP users, so I did not expect it to fail on the CP3950.

All visible configuration, such as the GAiA configurations and the management server database, is the same, as I double-checked, so I thought I might have missed some kernel parameters.

 

I noticed the log says an unfamiliar IP address (10.127.45.X) for the connection of the L2TP user, while xxx.xxx.252.x/24 is expected (IP Pool NAT).

Therefore, I hit Google and found a seemingly related sk (sk172805).
https://support.checkpoint.com/results/sk/sk172805

 

I am not certain if this is relevant or not...

 

Any comments are more than welcome, but since the appliances are not within my reach, retrieving logs takes time.

 

 

Thanks in advance.

Saitoh

sliver bullet: casting repero or tossing it into the harbor

Accepted Solutions
idants
Employee

Hi,

Thank you for the feedback.

I asked to check your case in our lab, and indeed it seems that there is a bug which causes this behavior.

We are working to fix it and the fix will be included in one of the next JHF releases (#1 or #2).

Thanks,

Idan Tsarfati

R&D Director 

6 Replies
Chris_Atkinson
MVP Platinum CHKP

I don't believe your issue matches this. If you've confirmed the office mode address range and NAT configuration, please open an SR with TAC to investigate further.

CCSM R77/R80/ELITE
the_rock
MVP Platinum

Hey mate,

Greetings to Japan and Happy New Year!

I tend to agree with Chris; it does not seem to me that the sk would be 100% relevant in your specific case. Definitely best to open a TAC case and let them confirm.

Best,
Andy
PhoneBoy
Admin

I'm guessing this is related to the move to UPPAK, which you probably weren't running in the older environment.
TAC will definitely need to be involved. 

saitoh
Advisor

Hi @PhoneBoy , @the_rock , @Chris_Atkinson ,

Your comments are much appreciated! It is fortunate for me and the community that you legends are always here to help us 🙂

And thanks for confirming this behavior, @idants!

I will open a TAC case to ask them for a bit more detail.

 

Saitoh

sliver bullet: casting repero or tossing it into the harbor
the_rock
MVP Platinum

I'm sure it will be fixed soon, as @idants indicated.

日本へのご挨拶 (Greetings to Japan)

I hope Google Translate did that right :-)

Best,
Andy