The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
When remote access users connect to the local 600 / 1100 VPN server and establish VoIP Call, one of the sides is unable to hear anything
|
Technical Level
|
| Solution ID |
sk102208 |
| Technical Level |
|
| Product |
Quantum Spark Appliances |
| Version |
R75.20 (EOL), R77.20 (EOL), R80.20 (EOL) |
| OS |
Gaia Embedded |
| Platform / Model |
1100, 600 |
| Date Created |
02-Sep-2014
|
| Last Modified |
09-Nov-2020
|
Symptoms
- When a Remote access VPN user is establishing an outgoing VoIP Call on Check Point 600 / 1100 VPN server, one of the sides is unable to hear anything.
- Debug output (
fw ctl zdebug + drop) shows messages related to the Office Mode client IP:
"dropped by fw_conn_inspect Reason: post lookup verification failed".
- Debug output (
#fw ctl zdebug + conn) shows the reason for the above drop:
FW-1: fw_log_bad_conn_ex: reason Connection contains real IP of NATed address
fw_conn_inspect: post lookup verification failed. Dropping packet
.....
VM Final action=VANISH
Cause
- Security Gateway cannot match backward connection on one of the created symbolic links in Connections Table, since connection was matched on more than one NAT rule.
- The Security Gateway performs Hide NAT for internal connections even when it is not needed.
Solution
|
Note: To view this solution you need to
Sign In
.
|
