staboi
Participant

GRE Tunnel log DROP: Received a cleartext packet within an encrypted connection.

Hi experts,

I created a tunnel between MikroTik and Check Point using a GRE tunnel. It shows that the traffic was dropped with a "Received a cleartext packet within an encrypted connection" warning. One thing that I noticed is that I can't set a tunnel ID in MikroTik the way Check Point can. What exactly is the cause of this issue, and how do I troubleshoot it? Any help would be greatly appreciated.

 

Thank you.

0 Kudos
2 Replies
G_W_Albrecht
Legend

Maybe this helps? sk169794: GRE Configuration Guide

CCSE CCTE CCSM SMB Specialist
0 Kudos
Timothy_Hall
Champion

If you are receiving that message, the firewall believes, based on the src/dst IP addresses of the packet, that it should have been sent encrypted from a VPN peer, but it wasn't. You will need to adjust your VPN domains such that the firewall does not believe that traffic should have arrived in a VPN tunnel. The inspection of the packet and determination whether it should have been encrypted happens before the packet is passed to the Gaia OS between inspection points i-I, so it can't even reach the GRE handling in the Gaia OS.

Watch My 2023 CPX360 Speech Titled "Max Power Reloaded: R81+ Gateway Performance Innovations"
0 Kudos
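The VPN-domain check described in the reply above can be reasoned about offline before changing any configuration. The following is an added example, not part of the original thread and not Check Point code: it assumes a simplified model in which a cleartext packet is expected to be encrypted when its source lies in a peer's VPN domain and its destination lies in the local one, and every address, domain and name in it is constructed.

```python
import ipaddress

def match(addr, cidrs):
    """Return the first network in cidrs that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if ip in net:
            return net
    return None

def expects_encryption(src, dst, local_domain, peer_domains):
    """Simplified model of the check (an assumption, not vendor code):
    a cleartext packet is treated as 'should have been encrypted' when its
    source is in a peer's VPN domain and its destination is in ours."""
    dst_net = match(dst, local_domain)
    if dst_net is None:
        return None
    for peer, cidrs in peer_domains.items():
        src_net = match(src, cidrs)
        if src_net is not None:
            return {"peer": peer, "src_net": str(src_net), "dst_net": str(dst_net)}
    return None

def audit(flows, local_domain, peer_domains):
    """Return only the flows that would be expected inside a VPN tunnel."""
    hits = []
    for name, src, dst in flows:
        verdict = expects_encryption(src, dst, local_domain, peer_domains)
        if verdict:
            hits.append((name, verdict))
    return hits

# Constructed sample data (documentation address ranges, not from the thread).
FLOWS = [
    ("GRE outer packet, MikroTik -> Check Point", "198.51.100.20", "203.0.113.10"),
    ("Unrelated host -> Check Point", "192.0.2.77", "203.0.113.10"),
]
LOCAL_BEFORE = ["10.1.0.0/16", "203.0.113.10/32"]
PEERS_BEFORE = {"mikrotik": ["192.168.88.0/24", "198.51.100.20/32"]}
# Adjusted domains: the GRE endpoints no longer fall in either VPN domain.
LOCAL_AFTER = ["10.1.0.0/16"]
PEERS_AFTER = {"mikrotik": ["192.168.88.0/24"]}

if __name__ == "__main__":
    for label, local, peers in (("before", LOCAL_BEFORE, PEERS_BEFORE),
                                ("after", LOCAL_AFTER, PEERS_AFTER)):
        for name, verdict in audit(FLOWS, local, peers):
            print(f"{label}: {name} matches VPN domains {verdict}")
```

Replace the constructed lists with the actual VPN domains and the GRE tunnel's source and destination addresses to see which domain entry makes the gateway expect encryption.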