topic R80.40 LSV &amp; DAIP Ipsec VPN - VPN domain of peers not detected in General Topics https://community.checkpoint.com/t5/General-Topics/R80-40-LSV-amp-DAIP-Ipsec-VPN-VPN-domain-of-peers-not-detected/m-p/77404#M15764 <P>Hi,</P><P>Saw some other post here asking about odd IPSEC behavior in R80.40. I have been trying to get LSV ipsec VPN working but it seems that the VPN domain is not detected at all and then traffic cannot flow.</P><P>If I create the devices as interoperable devices with the same internal CA identifiers under "matching criteria" I can get it working but even then I have to manually override the VPN domain in the VPN community and the firewall doesn't seem able to sniff the VPN domain even from the information i put into the interoperable device information.</P><P>Has anyone tried reporting bugs to check point about LSV vpn or does anyone have info about upcoming Jumbo HFAs that might fix this behavior?</P><P>Since no VPN domain is detected the tunnel comes up OK but traffic fails to pass because it is dropped by the ruleset with the message :&nbsp;According to the policy the packet should not have been decrypted</P> Fri, 06 Mar 2020 07:27:05 GMT Raine_Widjeskog 2020-03-06T07:27:05Z R80.40 LSV & DAIP Ipsec VPN - VPN domain of peers not detected https://community.checkpoint.com/t5/General-Topics/R80-40-LSV-amp-DAIP-Ipsec-VPN-VPN-domain-of-peers-not-detected/m-p/77404#M15764 <P>Hi,</P><P>Saw some other post here asking about odd IPSEC behavior in R80.40. I have been trying to get LSV ipsec VPN working but it seems that the VPN domain is not detected at all and then traffic cannot flow.</P><P>If I create the devices as interoperable devices with the same internal CA identifiers under "matching criteria" I can get it working but even then I have to manually override the VPN domain in the VPN community and the firewall doesn't seem able to sniff the VPN domain even from the information i put into the interoperable device information.</P><P>Has anyone tried reporting bugs to check point about LSV vpn or does anyone have info about upcoming Jumbo HFAs that might fix this behavior?</P><P>Since no VPN domain is detected the tunnel comes up OK but traffic fails to pass because it is dropped by the ruleset with the message :&nbsp;According to the policy the packet should not have been decrypted</P> Fri, 06 Mar 2020 07:27:05 GMT https://community.checkpoint.com/t5/General-Topics/R80-40-LSV-amp-DAIP-Ipsec-VPN-VPN-domain-of-peers-not-detected/m-p/77404#M15764 Raine_Widjeskog 2020-03-06T07:27:05Z Re: R80.40 LSV & DAIP Ipsec VPN - VPN domain of peers not detected https://community.checkpoint.com/t5/General-Topics/R80-40-LSV-amp-DAIP-Ipsec-VPN-VPN-domain-of-peers-not-detected/m-p/77528#M15780 Recommend opening a TAC case. Sat, 07 Mar 2020 00:29:28 GMT https://community.checkpoint.com/t5/General-Topics/R80-40-LSV-amp-DAIP-Ipsec-VPN-VPN-domain-of-peers-not-detected/m-p/77528#M15780 PhoneBoy 2020-03-07T00:29:28Z