https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/135067#M20329 <P>Hi Val, thank you for answer, sorry for late response, meanwhile client has decided for other better solution. If we have same request in future, we will take debug.</P> Sat, 27 Nov 2021 23:42:46 GMT Slavko_Kojic 2021-11-27T23:42:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/134127#M20060 <P>Hello Checkmates,&nbsp;</P><P>Customer has request&nbsp;<SPAN>&nbsp;to establish a VPN tunnel over an existing VPN tunnel ( two miktotiks over existing VTI tunnel between CheckPoint R80.40 and Juniper).</SPAN></P><P><SPAN>When tunnel is initiated from Miktrotik behind CP, the IKE packet is dropped from CP with message:<BR />"Failed to enforce VPN policy (11)".</SPAN></P><P><SPAN>Regard, sk106241.&nbsp;</SPAN></P><P><SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk106241#Scenario%202" target="_blank" rel="noopener">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk106241#Scenario%202</A></SPAN></P><P><SPAN>I've changed setting <EM>fw ctl set int encrypt_non_gw_rdp_ike 1</EM>&nbsp;, but without success</SPAN></P><P><SPAN>Please, do you have some suggestions about this problem, or is TAC necessary for this.&nbsp;</SPAN></P><P>&nbsp;</P> Tue, 16 Nov 2021 08:01:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/134127#M20060 Slavko_Kojic 2021-11-16T08:01:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/134353#M20127 <P>Yes, please raise a TAC case. Also, the mentioned SK does not seem to be related to your specific case.</P> Thu, 18 Nov 2021 09:13:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/134353#M20127 _Val_ 2021-11-18T09:13:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/134356#M20128 <P>Actually, it is relevant. the second case "Site to Site" seems to be your situation. Did you try setting up VPN debug, as SK recommends?</P> Thu, 18 Nov 2021 09:19:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/134356#M20128 _Val_ 2021-11-18T09:19:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/135067#M20329 <P>Hi Val, thank you for answer, sorry for late response, meanwhile client has decided for other better solution. If we have same request in future, we will take debug.</P> Sat, 27 Nov 2021 23:42:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-to-enforce-VPN-policy-11/m-p/135067#M20329 Slavko_Kojic 2021-11-27T23:42:46Z