chaymosphere
Participant

Encryption Failure Failed to enforce VPN Policy (11)

Hi, I would like to ask if any of you have ever encountered this scenario? I already did sk106241, and according to the TAC engineer it is safe to run without rebooting the firewall. However, one of my segments did not take effect and it is still encountering the same problem, which is Failure Failed to enforce VPN Policy (11).

If you ever resolved this kind of issue, please advise what steps or procedures you did to solve this problem.

4 Replies
Timothy_Hall
Champion

You seem to have an overlap in VPN domains between two or more of your managed firewalls that you need to fix. 

1) What does the command vpn overlap_encdom communities -s show?

2) Try these tools to get a better handle on your VPN domain definitions/routing:

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/One-liner-to-show-VPN-topology-on...

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Show-VPN-Routing-on-CLI/m-p/40216

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
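What an overlap between VPN domains looks like, as an added example that is not part of the reply above and is not Check Point code: it compares per-gateway encryption domains written as CIDR lists and reports every range claimed by two gateways. The gateway names and networks are constructed sample data, and the script does not reproduce the output of vpn overlap_encdom.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: gateway names and networks are hypothetical,
# standing in for the VPN (encryption) domain defined on each managed gateway.
SAMPLE_DOMAINS = {
    "gw-hq": ["10.1.0.0/16", "192.168.10.0/24"],
    "gw-branch": ["10.1.20.0/24", "172.16.5.0/24"],
    "gw-dr": ["172.16.0.0/12", "192.168.20.0/24"],
}


def find_overlaps(domains):
    """Return sorted (gw_a, gw_b, shared_network) tuples for every pair of
    gateways whose encryption domains share address space."""
    # strict=True rejects entries with host bits set (e.g. 10.1.20.5/24),
    # which usually indicate a typo in the domain definition.
    parsed = {
        gw: [ipaddress.ip_network(n, strict=True) for n in nets]
        for gw, nets in domains.items()
    }
    findings = []
    for gw_a, gw_b in combinations(sorted(parsed), 2):
        for net_a in parsed[gw_a]:
            for net_b in parsed[gw_b]:
                if net_a.version != net_b.version:
                    continue  # IPv4 and IPv6 ranges never overlap
                if net_a.overlaps(net_b):
                    # Two CIDR blocks overlap only when one contains the
                    # other, so the shared range is the longer-prefix block.
                    shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
                    findings.append((gw_a, gw_b, str(shared)))
    return sorted(findings)


if __name__ == "__main__":
    for gw_a, gw_b, shared in find_overlaps(SAMPLE_DOMAINS):
        print(f"{gw_a} and {gw_b} both claim {shared}")
```
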
chaymosphere
Participant

Thanks, I will update you once it works on the client's end.

chaymosphere
Participant

I would like to ask if this command "vpn overlap_encdom communities -s" is safe to run during production?

Timothy_Hall
Champion

Yes, safe to run during production.
