JASPAL_SINGH
Contributor

IPSEC Site to Site VPN Encryption domain update

Hi All,

I have updated the Encryption domain for an existing Site to Site IPSEC VPN. The tunnel is up and active.

Communication is not OK to the IP that was added recently. Policy is installed.

In zdebug, an error is coming like "encryption failed".

I doubt we need to reset the tunnel but I did not reset the tunnel yet.

My query is: do we need to reset the tunnel after we update the existing encryption domain?

 

Thanks & Regards,

Jaspal Singh

 

0 Kudos
2 Replies
PhoneBoy
Admin

It can, depending on how precisely the encryption domain was changed and your precise configuration.

0 Kudos
Maarten_Sjouw
Champion

Like @PhoneBoy said, it depends on the configuration:

  • Is it a Check Point to Check Point tunnel between 2 gateways managed by the same management server?
    • What is the setting for the tunnel, per host/network/gateway pair?
    • Permanent tunnel settings?
  • Is it a Check Point to other brand FW or externally managed CP?
    • Has the topology on the other side also been updated?
    • Tunnel settings?

Just to mention some questions.

Regards, Maarten
0 Kudos