This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Itzel_Gtz26
Participant
‎2023-01-24 10:53 AM

Static IP ipassignment.conf not working correctly

Hello

 

I configured my VPN user to be assigned a fixed IP from the pool, however, said IP is not reserved for my user and if I connect late it is assigned to another user and does not let me enter.

 

I have already validated the use of tabs between fields in the ipassignment.conf file and put the IP of my gateway instead of the name

 

Any idea what I'm missing?

0 Kudos
10 Replies
PhoneBoy
Admin
Admin
‎2023-01-24 11:14 AM

Version/JHF level of gateway?
To ensure no other user can obtain that IP address, you need to ensure that you're specifying IPs in ipassignment.conf that are not in your standard Office Mode pool.

0 Kudos
Itzel_Gtz26
Participant
‎2023-01-24 12:49 PM
In response to PhoneBoy

My gateways are in R81 Take 74

So I have to put an IP that is not in my VPN pool, but if I want to assign a fixed IP to all my users with that same pool, can't it?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-24 09:18 PM
In response to Itzel_Gtz26

There needs to be no overlap between your Office Mode pool and anything in ipassignment.conf.
Otherwise you will experience the exact issue you're reporting.

0 Kudos
Blason_R
MVP Gold
MVP Gold
‎2023-01-24 07:19 PM

Instead why then configure firewall with external DHCP server and reserve the IP addresses there?

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-01-24 11:03 PM
In response to Blason_R

Sorry, but the meaning here is very unclear ! Why use an external DHCP if ipassignment.conf is not working as expected ? We all know that it does usually work and we do not need an external DHCP server...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
latloto
Explorer
‎2024-02-05 05:03 AM
In response to G_W_Albrecht

sorry, but that not works. there are no valid documentation for this case. why should spent a lot time to research this nano technology .... a simple ip address map to user/group.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-02-06 12:39 AM
In response to latloto

Better consult CP TAC to get this resolved !

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AmirArama
Employee
Employee
‎2024-02-06 08:21 AM
In response to latloto

in case havn't seen yet

https://support.checkpoint.com/results/sk/sk33422

 

0 Kudos
latloto
Explorer
‎2024-02-06 09:09 AM
In response to AmirArama

of course.

i am looking, how to assign static ip to Microsoft ldap user.

# Gateway Type IP Address User Name
# ============= ===== ==================================== 
10.0.25.1 addr 172.16.5.2, CN=Tom Sornim,OU=it department,OU=west europa,OU=europa,DC=NordicOil,DC=local

Tom login is tom.sornim

office pool is 172.16.4.0/24

and this config does not works.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-02-06 11:38 AM
In response to latloto

How does the user authenticate?
If by user/password, then use the AD login name here, not the full DN (which is used for certificate authentication).
This is noted in the SK linked above.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events