
R80.10 IPSEC with DAIP mobile routers as interop devices, problem with dynamic IP reassignment on daip devices

Question asked by Raine Widjeskog on Jan 1, 2019
Latest reply on Jan 4, 2019 by Dameon Welch-Abernathy

Hi,

 

I'm having an issue where it seems that when the same IP gets assigned first to DAIP peer A and then afterwards to DAIP peer B, the Check Point still "remembers" DAIP peer A and gives an auth fail on the IPsec negotiation. The funny thing is that the IP-interop device connection seems to reside in some cache even if you delete all IKE+IPsec SAs for the peer through vpn tu. It also seems that vpn tu is not always successful in deleting the SAs even if I command it multiple times, so I wonder if that's the issue or if someone has stumbled upon the same problem before? It kinda sucks if you need to wait for the IPsec phase 1 to time out in order to be able to get connected again on a new device with an old IP.

 

Any help appreciated
