[vpn-help] FW: FW: RE: No DHCP Response from Gateway

Matthew Grooms mgrooms at shrew.net
Fri Dec 3 16:31:00 CST 2010


On 11/26/2010 9:28 AM, Ben Chamberlain wrote:
> Hi Matthew,
>
> I appreciate that you have many queries to answer but did you have any thoughts on the below?
>

Sorry. I have been swamped lately. In my previous response, I was asking 
if you have 192.168.1.0/24 defined in one of your policies. I meant in 
one of the policies defined on the Fortigate end.

The only thing I can think of is that there is a difference in the way 
the working Fortigate is configured vs your primary Fortigate. This may 
be related to a security policy (check your firewall rules) that
references the 192.168.1.0/24 network. Maybe another site-to-site tunnel
that uses that network? Another option could be that you have a static
route that points 192.168.1.0/24 to an internal gateway? I'm not sure.
Have you gone through both firewalls and done an in-depth config
comparison to ensure they are exactly the same?

-Matthew

> Many thanks,
>
> Ben Chamberlain
> Information and Communications Technology Support Officer
> North Wales Fire and Rescue Service
> Telephone: 01492 564 949
> Fax: 01492 593 956
>
> -----Original Message-----
> From: Ben Chamberlain
> Sent: 16 November 2010 08:35
> To: 'Matthew Grooms'; vpn-help at lists.shrew.net
> Subject: RE: FW: RE: [vpn-help] No DHCP Response from Gateway
>
> Hi Matt,
>
> Yes I've tried defining the network as 'Tunnel All', allow 192.168.1.0/255.255.255.0 and allow 192.168.0.0/255.255.0.0 individually and none work for our primary Fortigate.
>
> Interestingly all of the above work fine for our secondary Fortigate - please see my previous postings for the make/model/firmware of our primary/secondary Fortigates.
>
> Can you think of anything that might be configured differently on our Primary Fortigate that would always cause a 'No DHCP Response from Gateway' on Shrew every time when the local subnet of the connecting client is 192.168.1.xxx?
>
> Many thanks again,
>
> Ben Chamberlain
>
> -----Original Message-----
> From: Matthew Grooms [mailto:mgrooms at shrew.net]
> Sent: 16 November 2010 05:04
> To: Ben Chamberlain
> Subject: Re: FW: RE: [vpn-help] No DHCP Response from Gateway
>
> On 11/12/2010 3:41 PM, Ben Chamberlain wrote:
>> Hi Matt,
>>
>> I have been able to re-create this issue consistently.
>>
>> The problem is with the local subnet.
>>
>> If you have a local 192.168.0.xxx address, everything works fine -
>> however if you have a local 192.168.1.xxx address the symptoms are as
>> described.
>>
>> What would cause this issue when all VPN traffic is tunnelled in
>> either case and virtual adaptors are used?
>>
>> Any pointers would be most appreciated.
>>
>> Regards,
>>
>> Ben Chamberlain
>>
>
> Ben,
>
> Do you have the 192.168.1.0/24 network defined in one of your policies?
>
> -Matthew
>
>
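
Added example, not part of the original thread and not Shrew or Fortinet code: one way to do the config comparison suggested in the reply above, by listing every "set" line in a FortiOS-style text backup whose address/netmask pair overlaps 192.168.1.0/24 and reporting the references that exist only on the primary unit. The two sample configs, the object names and the function names are constructed for illustration.

```python
import ipaddress
import re

# "address netmask" pair, e.g. "192.168.1.0 255.255.255.0"
PAIR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def subnet_refs(config_text, target):
    """Return {(section, entry, key, network)} for set-lines overlapping target."""
    target = ipaddress.ip_network(target)
    stack, entry, refs = [], None, set()
    for raw in config_text.splitlines():
        words = raw.split() or [""]
        if words[0] == "config":            # entering a config section
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:   # leaving the current section
            stack.pop()
        elif words[0] == "edit":            # entering a table entry
            entry = " ".join(words[1:]).strip('"')
        elif words[0] == "next":
            entry = None
        elif words[0] == "set" and len(words) > 2:
            for addr, mask in PAIR.findall(raw):
                try:
                    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                except ValueError:
                    continue                # not a valid address/netmask pair
                if net.overlaps(target):    # also catches supernets like /16
                    refs.add((" / ".join(stack), entry, words[1], str(net)))
    return refs

def only_in_first(primary_text, secondary_text, target="192.168.1.0/24"):
    """References to the target network found in the first config only."""
    return sorted(subnet_refs(primary_text, target)
                  - subnet_refs(secondary_text, target))

# Constructed sample backups (not taken from the thread).
PRIMARY = """\
config firewall address
    edit "branch-lan"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config router static
    edit 3
        set dst 192.168.1.0 255.255.255.0
    next
end
"""
SECONDARY = PRIMARY.replace("192.168.1.0", "192.168.50.0")
```

Each tuple returned by only_in_first(PRIMARY, SECONDARY) names the config section, table entry and key to review on the unit that fails.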
