Hello guys 🙂
We are trying to implement a site to site VPN, and we are getting the "Encryption Failure: according to the policy the packet should not have been decrypted" error message.
I would like to know if you have some recommendations about it, and if it's rather good to open an SR to check this,
The details are:
Local and remote domains on the other company side:
Recent troubleshooting details:
1.- We checked that remote network is configured on the antispoofing interface exceptions.
2.- As showed on the latest images, domain configuration matches on both sides
3.- Configured on Gaia remote network routes:
3.1.- In fact, despite the static route, a show route destination against the remote network shows de default route (Internet) as next hop:
4.- We have tried using and inbound NAT, but error message persists either with or without NAT.
5.- Some people at work said that the remote device (A linksys small business VPN router) might be incompatible with our R80.20 Security Gateway
6.- I have followed sk64060 recommendations, but, despite I have changed in many times the remote and local subnets, verified the encryption domain configurations, and also reseted the tunnel via SmartView Monitor and the vpn tu utility, we are still getting the same error message.
Thank you in advance!