CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: New 4400 - "Connection contains real ip of nated address" error with DHCP relay

  1. #1
    Join Date
    2016-08-02
    Posts
    6
    Rep Power
    0

    New 4400 - "Connection contains real ip of nated address" error with DHCP relay

    I'm working with a 4400 (v77.30) and am trying to use DHCP relay. The firewall sees incoming requests but drops them with the error "connection contains real ip of nated address". Would someone help me understand what's happening and what to do to fix it?

    Not sure if it'll help but I have 3 interfaces with an assigned IP and on each of those interfaces I have 4 VLANs, also with IPs.
    Eddie

  2. #2
    Join Date
    2016-03-01
    Posts
    1
    Rep Power
    0

    Re: New 4400 - "Connection contains real ip of nated address" error with DHCP relay

    What does SmartLog/Tracker say about the traffic? Have you exempted your internal networks from NAT between each other? I've seen this but it was a while back and I think it was NAT being applied incorrectly.

  3. #3
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Re: New 4400 - "Connection contains real ip of nated address" error with DHCP relay

    There are a couple of known issues with this message; look into sk98169 and sk103763.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  4. #4
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Re: New 4400 - "Connection contains real ip of nated address" error with DHCP relay

    Quote, originally posted by Eddie_Norman:
    I'm working with a 4400 (v77.30) and am trying to use DHCP relay. The firewall sees incoming requests but drops them with the error "connection contains real ip of nated address". Would someone help me understand what's happening and what to do to fix it?

    Not sure if it'll help but I have 3 interfaces with an assigned IP and on each of those interfaces I have 4 VLANs, also with IPs.
    Eddie

    What this error means is, for example, source address A was NATed to source address B. Destination address is C.

    C then responds to A instead of B.
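
The A/B/C case from the reply above, worked through as a simplified model for one way it can arise with DHCP relay (an added example, not part of the original posts and not Check Point's implementation). The addresses, the hide-NAT address and all class and function names are constructed; it assumes the DHCP server replies to the relay's giaddr as RFC 2131 specifies, and the second call models the NAT exemption asked about in post #2.

```python
# Added illustration: a toy NAT connection table, not Check Point's implementation.
# All addresses and names are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

REAL_IP_DROP = "drop: connection contains real IP of NATed address"

@dataclass(frozen=True)
class NatEntry:
    real_src: str  # A: source before NAT
    nat_src: str   # B: source after NAT (same as A when exempt from NAT)
    dst: str       # C: destination

class NatTable:
    def __init__(self, hide_ip, no_nat=()):
        self.hide_ip = hide_ip
        # (source network, destination network) pairs exempt from NAT
        self.no_nat = [(ip_network(s), ip_network(d)) for s, d in no_nat]
        self.entries = []

    def outbound(self, src, dst):
        exempt = any(ip_address(src) in s and ip_address(dst) in d
                     for s, d in self.no_nat)
        entry = NatEntry(src, src if exempt else self.hide_ip, dst)
        self.entries.append(entry)
        return entry

    def check_reply(self, reply_src, reply_dst):
        for e in self.entries:
            if reply_src != e.dst:
                continue
            if reply_dst == e.nat_src:
                return "accept"          # C answered B
            if reply_dst == e.real_src:
                return REAL_IP_DROP      # C answered A
        return "drop: no matching connection"

def relay_scenario(no_nat=()):
    table = NatTable(hide_ip="192.0.2.1", no_nat=no_nat)
    giaddr, server = "10.1.10.1", "10.2.0.5"
    table.outbound(giaddr, server)       # relayed DHCP request, A = giaddr
    # RFC 2131: the server replies to giaddr from the DHCP payload,
    # not to the (possibly translated) source IP of the packet it received.
    return table.check_reply(server, giaddr)

if __name__ == "__main__":
    print(relay_scenario())                                    # hide NAT applied
    print(relay_scenario([("10.1.0.0/16", "10.2.0.0/16")]))    # internal nets exempt
```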

  5. #5
    Join Date
    2016-08-02
    Posts
    6
    Rep Power
    0

    Re: New 4400 - "Connection contains real ip of nated address" error with DHCP relay

    At the request of a DHCP address I was getting "Connection contains real IP of NATed address" from Smart Tracker and the packet was dropped.

    I made a change and will be testing this afternoon. Each of my DMZ interfaces (the same ones with the error) weren't set as "Interface leads to the DMZ". I was able to send a request on one vlan without getting an error but will have to now test with a request and hopefully a response. We'll see how well, if at all, this helps.

    Thanks verera. Unfortunately, I can't yet get to those articles. That is to say, I can see them available but continue to get prompted to logon and even after that, I can't see the solution.

    Thanks jflemingeds. Your explanation helped my understanding.

  6. #6
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Re: New 4400 - "Connection contains real ip of nated address" error with DHCP relay

    Quote, originally posted by Eddie_Norman:

    Thanks verera. Unfortunately, I can't yet get to those articles. That is to say, I can see them available but continue to get prompted to logon and even after that, I can't see the solution.

    Okay, you must have at least advanced level to get access to those cases. PM me, I will send you the print-outs of those to your email. It is not practical to quote two whole cases here in the comments.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  7. #7
    Join Date
    2016-08-02
    Posts
    6
    Rep Power
    0

    Re: New 4400 - "Connection contains real ip of nated address" error with DHCP relay

    Quote, originally posted by Eddie_Norman:
    At the request of a DHCP address I was getting "Connection contains real IP of NATed address" from Smart Tracker and the packet was dropped.

    I made a change and will be testing this afternoon. Each of my DMZ interfaces (the same ones with the error) weren't set as "Interface leads to the DMZ". I was able to send a request on one vlan without getting an error but will have to now test with a request and hopefully a response. We'll see how well, if at all, this helps.

    Thanks verera. Unfortunately, I can't yet get to those articles. That is to say, I can see them available but continue to get prompted to logon and even after that, I can't see the solution.

    Thanks jflemingeds. Your explanation helped my understanding.

    So, what I thought and hoped would work didn't. This morning I took a different path of least resistance by using CP for DHCP. Worked like a champ. One question though. Is there a way to retain and view historic lease assignments for say 30 days? I found the command to view current lease but that's limited to current only.
