Hi,
we set up Office mode with DHCP these days, also with a lot of problems. Our
problems were due to the fact that we thought the vpn macutil command needs
just the username, but it did not work (we got wrong MACs) until we used
the FQUS (i.e. CN=username,C=users,O=gateway). Well, we are using
certificates for user authentication; I think that the generated virtual
MAC will be different for a user authenticated via password than via
certificate.
Our system is as follows:
VPN IP Range = (i.e.) 192.168.200.0/24
DHCP SERVER
(i.e. 192.168.100.2
gw 192.168.100.1
serves IPs in the range 192.168.200.0/24)
<--- LAN --->
FIREWALL
(i.e. 192.168.100.1 Internal
157.34.231.11 External
Virtual IP for DHCP relay replies 192.168.200.1)
<----->
SecureClient with Office mode support enabled.
Maybe you will check if the MACs that are sent to your DHCP server are
the right ones, or test it just with a DHCP pool with the unknown-clients
option enabled.
In our case it works fine with both SecureClient versions, R55 HFA-03 and
R56 HFA-03, but we did not try to do an update; we always made a new
installation. Well, looking at Check Point's download page, it states that
R56 HFA-03 can only be installed on new installations or as an update for
R56 HFA-01 and R56 HFA-02.
http://www.checkpoint.com/techsupport/downloads_sr.html
Note: VPN-1 SecuRemote/SecureClient NG with Application Intelligence R56
HFA-03 should be installed by:
* R56 HFA-01 and R56 HFA-02 users that are using automatic ICA
certificate renewal
* Users performing a new installation
Maybe you will try, if you are upgrading from R55, to update just to version
R56 HFA-02 and later perform another update to HFA-03.
Hope this helps,
Kind regards,
Eric Janz
Departamento de Sistemas
Grupo Barceló Viajes
C\ 16 de Julio, 75
07009 Poligono Son Castelló
Palma de Mallorca - Baleares
Tel.: +34 971 448030
Fax.: +34 971 436986
Mailing list for discussion of Firewall-1
<[email protected]> wrote on 10/06/2005 14:44:48:
> We noticed that new installations of SecureClient aren't getting an
> IP address while working in Office mode.
>
> Normally when a SecureClient sets up a connection with our firewall,
> it is supplied with an IP address from our DHCP
> server.
> However, when a system has a new installation of SecureClient, the
> DHCP offer is rejected on the firewall with the
> description
>
> MAC: 58-72-40-31-3D-7F
> OM: Allocation failure
> om_method: DHCP
> assigned_IP: 192.168.x.x
>
> We already cleared the state of the firewall, rebooted the firewall,
> but it is still impossible for new installations to
> get an IP address and other DHCP information.
> Because of this, the office mode is not functioning properly.
>
> Is there anyone who can help us with this?
> We also noticed a file called SC.NDB but we are uncertain of the
> purpose of the file.
>
> Any help is appreciated.
>
> Bert Klomp
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================