Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Pavel88
Explorer

invalid ike sa

hello.

I have a vpn between checkpoint and a 3rd party with a dynamically assigned IP address,

I can establish a tunnel only from one way (from the 3rd party) but not from the checkpoint.

it uses a certificate.

from vpnd I can see a lot of massages : 

ikeSimpOrder::setPeer: peer is not a user (is user: 0) or invalid ike sa 

is this message relevant and something has to be checked? 

thank you.

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

That generally means your encryption domains are not subnetted/defined the same way on both sides.
See here to debug: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos