
List:       firewall-1
Subject:    Re: [FW-1] encryption failure: Cannot identify peer for encrypted connection
From:       Stephen JT Bourike <steveb () ASCLTD ! CO ! UK>
Date:       2008-06-30 17:22:19
Message-ID: !&!AAAAAAAAAAAYAAAAAAAAAHM8bIJrSzRIgQYA9oX2AjaCgQAAEAAAAIeWXlmHIH5EnqSiM14TXeMBAAAAAA== () ascltd ! co ! uk

Hi Mike,

Check that your NAT rules are disabled for the VPN encryption domain.

You'll find you can set that on the community properties if you're using
simple mode, but if you're using traditional make sure you add at least an
outgoing "no-NAT" rule near the top of the NAT rulebase as follows:

<My EncDom>   <Dst-EncDom>  ANY    =Original  =Original   =Original

The firewall will NAT the source with your hide address otherwise, and then
when it comes to check the target gateway (using the SAs in place), it
won't find an SA that matches the new (changed) source address and will then
generate this message.

Best regards


Steve Bourike
Applied Security Consulting Limited
http://www.appliedsecurity.co.uk



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of Miguel
Hernandez y Lopez
Sent: Monday, June 30, 2008 5:57 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] encryption failure: Cannot identify peer for encrypted
connection

Howdy all,

Has anyone seen this error?

encryption failure: Cannot identify peer for encrypted connection (VPN error
04)

On CP documentation it seems a problem with the domain encryption, but it's
all fine. The object of the network is in my domain encryption. Any ideas
for this?

thanks in advance,


Mike

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================
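
The failure described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not Check Point's implementation) of a first-match NAT rulebase followed by an SA lookup on the post-NAT source. All addresses, the peer, and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ORIGINAL = None  # stands for "=Original": leave the source untranslated
ERR = "Cannot identify peer for encrypted connection"

@dataclass
class NatRule:
    src: str                  # original source network
    dst: str                  # original destination network
    xlate_src: Optional[str]  # translated source, or ORIGINAL

@dataclass
class SA:
    peer: str        # remote gateway
    local_net: str   # my encryption domain
    remote_net: str  # peer's encryption domain

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def nat_source(rules, src, dst):
    """Top-down rulebase: the first matching rule decides the translation."""
    for r in rules:
        if _in(src, r.src) and _in(dst, r.dst):
            return src if r.xlate_src is ORIGINAL else r.xlate_src
    return src

def find_peer(sas, src, dst):
    """Pick the SA whose selectors cover the (post-NAT) source and destination."""
    for sa in sas:
        if _in(src, sa.local_net) and _in(dst, sa.remote_net):
            return sa.peer
    return None

def send(rules, sas, src, dst):
    """Return the peer the packet would be encrypted to, or the error text."""
    return find_peer(sas, nat_source(rules, src, dst), dst) or ERR

# Constructed sample data (documentation/private ranges only).
MY_ENCDOM, DST_ENCDOM = "10.1.0.0/16", "10.2.0.0/16"
SAS = [SA("198.51.100.1", MY_ENCDOM, DST_ENCDOM)]
HIDE = NatRule(MY_ENCDOM, "0.0.0.0/0", "203.0.113.10")  # hide NAT for everything
NO_NAT = NatRule(MY_ENCDOM, DST_ENCDOM, ORIGINAL)       # the "no-NAT" rule

if __name__ == "__main__":
    print("hide only      :", send([HIDE], SAS, "10.1.5.20", "10.2.0.8"))
    print("no-NAT on top  :", send([NO_NAT, HIDE], SAS, "10.1.5.20", "10.2.0.8"))
    print("no-NAT too low :", send([HIDE, NO_NAT], SAS, "10.1.5.20", "10.2.0.8"))
```

In this model the no-NAT rule only helps when it sits above the hide rule, and traffic to destinations outside the peer's encryption domain is still hidden behind the hide address.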

