Quote:
Originally Posted by nejko

Dear forum users,

I have discovered what causes my problem. It is the "VPN routing" setting in the VPN community properties. If I configure the routing "To center, or through the center to other satellites, to internet and other VPN targets", I can reproduce the problem in my test environment. It looks like, if this option is set, Check Point expects an already encrypted DHCP discover packet coming to its internal interface. Which doesn't make sense, I guess.

If I configure the VPN routing "To center and to other satellites through center", then DHCP works beautifully. But then not all traffic between the gateways is encrypted, which is not what I want.

So still, does anybody know how to solve this issue?

Thanks,
Nejc
Thanks.
We have the same issue after replacing VPN-1 Edge (due to a performance problem, 0.5 Mb/s max with VPN) with UTM-1 132. DHCP does not work any more.
CP does not know about this issue for R65, R70, R70.1, R70.2 (probably everyone already used a Cisco ASA 55xx for all remote offices). We are going to replace all our VPN-1 Edges within the next 2 years with ASA 5505 Clusters or ASA 5510 Clusters, just due to a very high price per Mb/s:
VPN-1 Edge Unlimited $2000 for 0.5 Mb/s VPN, not NAT, simple FW rules - compare with
ASA 5505 about $1000 for REAL 80 Mb/s VPN.
We have opened a Critical SR to be sure this issue will be resolved in a short time.
12-Mar-2010 10:10 Open SR.
12-Mar-2010 13:52 After 3.5 hours talking with CP, CP will try to replicate this issue with international TAC. It will take about 1 day (we will see).
15-Mar-2010 Escalate through CP Rep.
15-Mar-2010 11:11 All debugs for the replicable issue have been uploaded to CP.