Oussa
Explorer

site to site vpn

Hello,

 

We're trying to implement a site-to-site VPN, and I get the error "Encryption Failure: according to the policy the packet should not have been decrypted".

We tried the URLs:

URL 1 : https://support.checkpoint.com/results/sk/sk64060

URL 2 : https://support.checkpoint.com/results/sk/sk97612

We tried the solutions from URL 1 and 2, but they don't work, despite having VPN enabled on both sides.

We have tried using an inbound NAT, but the error message persists.

Client A has a Sophos gateway and client B has a Check Point R80.40 gateway.

Have you encountered this problem before? And how did you solve this?

 

Thx

0 Kudos
1 Reply
the_rock
Legend

Check out below:

https://support.checkpoint.com/results/sk/sk108600

Now, here is what I can tell you. The error you get is, 99% of the time, related to phase 2, so something with enc. domains. The firewall is simply "telling" you that the packet SHOULD have been encrypted.

I gave the below to a few people here in the community and it always helped. If you check these values in GuiDBedit, they should be set to false. It simply implies that CP would stop presenting the largest possible subnet, even though it's not supposed to. Not saying it would solve your issue, but it always helps.

ike_enable_supernet

ike_p2_enable_supernet_from_R80.20

ike_use_largest_possible_subnets

 

By the way, if you get confused, we can always do a remote session.

 

Cheers,

 

Andy

0 Kudos
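To illustrate the supernetting point in the reply above, here is an added example (not part of the original posts and not a Check Point or Sophos tool) that compares the phase 2 networks a gateway would offer, with and without merging into larger subnets, against the networks the peer is configured to accept. The subnets, function names and the merge logic are assumptions made for this sketch; merging adjacent networks is only a simplified model of the largest-possible-subnet behaviour.

```python
import ipaddress

# Constructed sample data: the local encryption domain, and the remote
# networks the third-party peer has configured for this tunnel.
LOCAL_ENC_DOMAIN = ["10.1.0.0/24", "10.1.1.0/24", "10.1.4.0/24"]
PEER_EXPECTS = ["10.1.0.0/24", "10.1.1.0/24", "10.1.4.0/24"]


def proposed_selectors(enc_domain, supernet):
    """Return the networks offered in phase 2 for an encryption domain.

    supernet=True models the largest-possible-subnet behaviour by merging
    adjacent or overlapping networks (simplified, assumed for this example).
    supernet=False offers each configured network as-is.
    """
    nets = [ipaddress.ip_network(n) for n in enc_domain]
    if supernet:
        return list(ipaddress.collapse_addresses(nets))
    return sorted(nets)


def mismatches(proposed, peer_expected):
    """List proposed networks the peer has no exact selector for."""
    expected = {ipaddress.ip_network(n) for n in peer_expected}
    return [str(n) for n in proposed if n not in expected]


def report():
    """Map each supernet setting to the selectors the peer would not match."""
    return {
        supernet: mismatches(
            proposed_selectors(LOCAL_ENC_DOMAIN, supernet), PEER_EXPECTS
        )
        for supernet in (True, False)
    }


if __name__ == "__main__":
    for supernet, bad in report().items():
        state = "on" if supernet else "off"
        print(f"supernetting {state}: unmatched selectors -> {bad or 'none'}")
```

With merging on, the two adjacent /24 networks are offered as one /23 that the peer has no selector for; with it off, every offered network matches.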
