https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23570#M3930 <HTML><HEAD></HEAD><BODY><P>Issue was due to VPN domain mismatch. Resolved now after giving same subnet IPs at both end. Check point had full subnet defined and at cisco only 3 Ips of same subnet were there</P></BODY></HTML> Thu, 18 Jan 2018 14:20:09 GMT Kumar_Sambhav 2018-01-18T14:20:09Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23564#M3924 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I have VPN tunnel up and running between CheckPoint R77.30 on AWS and Cisco ASA on premise. Traffic is coming from Cisco side however, from CheckPoint side it is getting dropped( Encryption fail reason:&nbsp;Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database) and reject ( Encryption failure:&nbsp;no response from peer.). Please advise</P></BODY></HTML> Thu, 18 Jan 2018 06:48:55 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23564#M3924 Kumar_Sambhav 2018-01-18T06:48:55Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23565#M3925 <HTML><HEAD></HEAD><BODY><P>What did you find, if you compared Checkpoint and ASA vpn configuration?</P></BODY></HTML> Thu, 18 Jan 2018 09:47:11 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23565#M3925 Deepak_Chauhan 2018-01-18T09:47:11Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23566#M3926 <HTML><HEAD></HEAD><BODY><P>Check on your Cisco what VPN Encryption Domain networks (crypto map) the Check Point tries to negotiate with it. Adjust your Cisco config accordingly.</P></BODY></HTML> Thu, 18 Jan 2018 10:54:14 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23566#M3926 Danny 2018-01-18T10:54:14Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23567#M3927 <HTML><HEAD></HEAD><BODY><P>Yeah. This type of error generally comes when mismatch of VPN Encryption domain. It should same at both end.</P><P>First it choose the valid Proposal and negotiate with same proposal. So check the Encryption method &amp; Algorithm as well.</P></BODY></HTML> Thu, 18 Jan 2018 11:52:14 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23567#M3927 Gaurav_Pandya 2018-01-18T11:52:14Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23568#M3928 <HTML><HEAD></HEAD><BODY><P>Thanks Danny,</P><P></P><P>You were right. CheckPoint had the full remote network subnet in its VPN domian, where as at Cisco side only 3 IPs of subnet were listed. After adjusting VPN domain, connection worked fine</P></BODY></HTML> Thu, 18 Jan 2018 14:17:56 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23568#M3928 Kumar_Sambhav 2018-01-18T14:17:56Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23569#M3929 <HTML><HEAD></HEAD><BODY><P>Thanks Gaurav,</P><P><SPAN>You were right. CheckPoint had the full remote network subnet in its VPN domian, where as at Cisco side only 3 IPs of subnet were listed. After adjusting VPN domain, connection worked fine</SPAN></P></BODY></HTML> Thu, 18 Jan 2018 14:18:16 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23569#M3929 Kumar_Sambhav 2018-01-18T14:18:16Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23570#M3930 <HTML><HEAD></HEAD><BODY><P>Issue was due to VPN domain mismatch. Resolved now after giving same subnet IPs at both end. Check point had full subnet defined and at cisco only 3 Ips of same subnet were there</P></BODY></HTML> Thu, 18 Jan 2018 14:20:09 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23570#M3930 Kumar_Sambhav 2018-01-18T14:20:09Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23571#M3931 <HTML><HEAD></HEAD><BODY><P>Ok Great.</P></BODY></HTML> Thu, 18 Jan 2018 14:40:55 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23571#M3931 Gaurav_Pandya 2018-01-18T14:40:55Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23572#M3932 <HTML><HEAD></HEAD><BODY><P>when you configured the VPN domain, you set up your network subnet too, in the group networks?</P></BODY></HTML> Wed, 20 Jun 2018 16:29:26 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-issue-between-Checkpoint-on-AWS-and-Cisco-ASA-on-premise/m-p/23572#M3932 Luisnego 2018-06-20T16:29:26Z