In case the issue will happen again please open a new service request with the logs. There might be a limitation in the code, however to investigate this we will need the vpnd logs from the time of the issue. User user2 registration must fail.Īfter checking with RnD, they verified in the code that upon Policy install, the nf file is parsed and save the specified OMs in a local hash table, and during the negotiations, there is a check if the OM is already in the on_assigned_ips kernel table. registerAssignedIP: IP c0a8f80b already belongs to user user1. registerAssignedIP: registering non-protected IP c0a8f80b to user user2 for 900 seconds in kernel instance 0 We found out the hard way, see these logs: ![]() IPsec is protocol that supports secure IP communications that are authenticated and encrypted on private or public networks. IKE (Internet Key Exchange) is a standard key management protocol that is used to create the VPN tunnels. Neither of the documentation mentions the fact that the IP used in nf MUST NOT be part of the pool. The Check Point VPN solution uses these secure VPN protocols to manage encryption keys, and send encrypted packets. Thank you for providing your feedback to SecureKnowledge on sk33422, titled "Office Mode IP and nf file". ![]() ![]() Fortunately the guys from the SK team are very thorough when working on SK documentation and they imply that this is actually a bug and that using IPs from the pool SHOULD be possible. Correction: I mentioned the above based on first hand information from the logs and a chat with support.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |