https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149576#M23999 <P>Ok, so you are saying that vpn tunnel shows as up? If so, is this only traffic within it that is failing?</P> <P>Andy</P> Fri, 27 May 2022 02:32:25 GMT the_rock 2022-05-27T02:32:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149555#M23997 <P>Hello&nbsp;</P><P>&nbsp;</P><P>I am facing a strange issue , one of my IP from the DC server is not able to communicate to the branch side. From the branch side the DC server IP is reachable.</P><P>I am getting the attached error<STRONG> " </STRONG><FONT color="#000000"><STRONG>Encryption failure</STRONG></FONT><STRONG>&nbsp;: Error occurred&nbsp;and rejected category: IKE failure"</STRONG></P><P>Did anyone came across similar issue.</P><P>&nbsp;</P><P>I have other IPs from the datacenter which is communicating to branch site without any issues.</P><P>Verified the Tunnel is up , Policies are in place, renegotiated the tunnel&nbsp;</P><P>&nbsp;</P><P>OS version : R81 Take 65&nbsp;</P><DIV class="">&nbsp;</DIV><P>&nbsp;</P> Thu, 26 May 2022 22:07:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149555#M23997 diburaj 2022-05-26T22:07:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149576#M23999 <P>Ok, so you are saying that vpn tunnel shows as up? If so, is this only traffic within it that is failing?</P> <P>Andy</P> Fri, 27 May 2022 02:32:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149576#M23999 the_rock 2022-05-27T02:32:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149643#M24026 <P>Yes, The tunnel is up and the traffic is passing without any issue for all other IPs.</P><P>For a specific IP i am getting the error. The strange part is the Server IP is reacheable from the branch.</P><P>There are no policy blocking the traffic.</P><P>&nbsp;</P><P>Is there any specific debug that i can run to understand the reason for the block.</P><P>&nbsp;</P> Fri, 27 May 2022 20:58:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149643#M24026 diburaj 2022-05-27T20:58:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149644#M24027 <P>There is, follow below, you can leave it on for hours.</P> <P>from expert mode:</P> <P>vpn debug trunc</P> <P>vpn debug ikeon</P> <P>-generate traffic for problematic IP (s)</P> <P>vpn debug ikeoff</P> <P>Get ike.elg and vpnd.elg files from $FWDIR/log directory from fw and review to see if that IP gives any relevant info. Based on all you told us, to me logically, sounds like there is something with that server thats an issue and not vpn itself.</P> <P>Just my 2 cents.</P> <P>Andy</P> Fri, 27 May 2022 21:05:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/149644#M24027 the_rock 2022-05-27T21:05:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/189856#M34989 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/75083">@diburaj</a>&nbsp;</P> <P>&nbsp;</P> <P>Did you get any solution for this ? If yes can you please share with us.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 18 Aug 2023 08:17:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/189856#M34989 davinder083 2023-08-18T08:17:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/207262#M39169 <P>hello, try disabling Early Drop on the active node</P><P><A href="https://support.checkpoint.com/results/sk/sk111643" target="_blank">https://support.checkpoint.com/results/sk/sk111643</A></P> Tue, 27 Feb 2024 11:43:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/207262#M39169 Jesus 2024-02-27T11:43:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/207276#M39184 <P>That may help.</P> <P>Andy</P> Tue, 27 Feb 2024 14:05:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-dropped-with-IKE-failure-error/m-p/207276#M39184 the_rock 2024-02-27T14:05:03Z