 | ||
 SecureClient/SecureRemote....issues | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-11-01 | |||
| |||
 SecureClient/SecureRemote....issues Hello all, When trying to connect - in SmartView Tracker we get these following errors: Type: Alert Action: Key Install Subproduct: VPN VPN Feature: OfficeMode OM: Assigned IP address for 300 seconds - lease renewed or reassigned om_method: IP pools assigned_IP The client eventually connects but it takes awhile. Gateways are Nokia IP560 NGXR65 IPSO 4.2 VRRP Cluster. Thanks in advance... Last edited by evo22; 2007-11-01 at 16:05.  |
| 2007-11-06 | |||
| |||
| Re: SecureClient/SecureRemote....issues For reference here's a sample of my log entry: Number: 1 Date: 6Nov2007 Time: 19:19:19 Interface: daemon Origin: firewall Type: Log Action: Key Install Source: zzz.net User: zebra Information: MAC: ZA-ZA-AZ-AZ-ZA OM: Assigned IP address for 14400 seconds - lease renewed or reassigned om_method: IP pools assigned_IP: 1.1.1.1 Encryption Scheme: IKE Subproduct: VPN VPN Feature: OfficeMode Product: VPN-1 Power/UTM The big difference I can see is that yours is an Alert and not a Log. There should be some indication why its an Alert. As for other differences, you don't list out the Mac or the assigned IP, so I'm assuming they weren't present. Which makes me wonder what you're using for DHCP, if its not the gateway then that's the first place I'd look. Also, why are you using a 300 second lease time, if you're that short on IPs then you should change your pool size. On a side note, here's a short list of services which may be used during the authentication sequence, any drops with these may also cause a delay in authenticating: tcp/264 tcp/500 udp/500 udp/259 udp/2746 udp/4500 |
| 2007-11-08 | |||
| |||
| Re: SecureClient/SecureRemote....issues Number: 8473272 Subproduct: VPN VPN Feature: OfficeMode Origin: Type: Alert Action: Key Install Source: laptop User: f Encryption Scheme: IKE Subproduct: VPN VPN Feature: OfficeMode Information: MAC: 3B-4C-E3-54-DD-5E OM: Assigned IP address for 300 seconds - lease renewed or reassigned om_method: IP pools assigned_IP: 10.200.10.126 Number: 8295293 Date: 1Nov2007 Time: 13:09:05 Product: VPN-1 Pro/Express Interface: daemon Origin: Type: Alert Action: Key Install Source: laptop Destination: User: f Encryption Scheme: IKE VPN Peer Gateway: laptop IKE Initiator Cookie: b13b933b5aba5cf IKE Responder Cookie: 0143e7f86f95a7d8 IKE Phase2 Message ID: fe06d2dc Encryption Methods: AES-256 + SHA1, Internal Password Subproduct: VPN VPN Feature: IKE Information: IKE: Main Mode completion [UDP]. as for IPs we are running a bit low. If I were to change the leased time where would I do this? I'm rather new to Check Point. Thank you in advace.... Last edited by evo22; 2007-11-08 at 11:17. |
| 2007-11-08 | |||
| |||
| Re: SecureClient/SecureRemote....issues Aside from the Type: Alert, everything looks fine as far as these logs are concerned. If you filter between the laptop and the firewall (and between the firewall and the laptop) do you see any Drops? As for where you define the Office Mode pool, its in the properties of the Gateway object in the SmartDashboard, under Remote Access -> Office Mode -> Allocate IP adresses from network. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
