https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Phase-2-issues-Tunnel-Per-Subnet-invalid-ID-info/m-p/132435#M5956 <P>Hi all,</P><P>&nbsp;</P><P>Having difficulty working out how to proceed with this particular VPN set up.</P><P>&nbsp;</P><P>This is between an 1800 device running R80.20.30 and a 3rd party non-Check Point.</P><P>&nbsp;</P><P>Phase 1 has no issues.</P><P>&nbsp;</P><P>Phase 2 fails on 'invalid ID information'</P><P>&nbsp;</P><P>When the 3rd party offers me 1 subnet only, and I change the remote encryption domain to that 1 subnet, the tunnel comes up instantly.</P><P>&nbsp;</P><P>When he offers more than 1 subnet, and equally I put these subnets in the enc domain, the tunnel fails with the error above.</P><P>&nbsp;</P><P>I believe if this was centrally managed/full Gaia, the solution would be to tick 'one vpn tunnel per subnet pair'</P><P>&nbsp;</P><P>I cant find such an option on Gaia Embedded.</P><P>&nbsp;</P><P>I also tried to create multiple VPN sites with a single subnet in each site, but you cant have multiple vpn sites with the same remote peer IP!!!</P><P>&nbsp;</P><P>Anyone?</P> Fri, 22 Oct 2021 14:24:00 GMT JackPrendergast 2021-10-22T14:24:00Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Phase-2-issues-Tunnel-Per-Subnet-invalid-ID-info/m-p/132435#M5956 <P>Hi all,</P><P>&nbsp;</P><P>Having difficulty working out how to proceed with this particular VPN set up.</P><P>&nbsp;</P><P>This is between an 1800 device running R80.20.30 and a 3rd party non-Check Point.</P><P>&nbsp;</P><P>Phase 1 has no issues.</P><P>&nbsp;</P><P>Phase 2 fails on 'invalid ID information'</P><P>&nbsp;</P><P>When the 3rd party offers me 1 subnet only, and I change the remote encryption domain to that 1 subnet, the tunnel comes up instantly.</P><P>&nbsp;</P><P>When he offers more than 1 subnet, and equally I put these subnets in the enc domain, the tunnel fails with the error above.</P><P>&nbsp;</P><P>I believe if this was centrally managed/full Gaia, the solution would be to tick 'one vpn tunnel per subnet pair'</P><P>&nbsp;</P><P>I cant find such an option on Gaia Embedded.</P><P>&nbsp;</P><P>I also tried to create multiple VPN sites with a single subnet in each site, but you cant have multiple vpn sites with the same remote peer IP!!!</P><P>&nbsp;</P><P>Anyone?</P> Fri, 22 Oct 2021 14:24:00 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Phase-2-issues-Tunnel-Per-Subnet-invalid-ID-info/m-p/132435#M5956 JackPrendergast 2021-10-22T14:24:00Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Phase-2-issues-Tunnel-Per-Subnet-invalid-ID-info/m-p/132515#M5957 <P>Did you try:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14065i0918B99D32A53CBA/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Mon, 25 Oct 2021 01:43:24 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Phase-2-issues-Tunnel-Per-Subnet-invalid-ID-info/m-p/132515#M5957 PhoneBoy 2021-10-25T01:43:24Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Phase-2-issues-Tunnel-Per-Subnet-invalid-ID-info/m-p/132543#M5959 <P>Well played PhoneBoy.</P><P>&nbsp;</P><P>Great spot. Thank you!</P> Mon, 25 Oct 2021 12:02:58 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/VPN-Phase-2-issues-Tunnel-Per-Subnet-invalid-ID-info/m-p/132543#M5959 JackPrendergast 2021-10-25T12:02:58Z