I have been dealing with tones of Site to Site VPN troubleshooting; most of it Checkpoint to Cisco ASA
Here is some of the error message I have seen and here is what does it mean :
"Encryption failure, decrypted methods did not match rule" >There are overlapping encryption domains.
"Received notification from peer: no proposal chosen." > VPN settings do not match on both ends. It could mean there is a subnet negotiation mismatch.
"Cannot identify peer for encrypted connection." > NAT is not applied properly.
"Encryption failure: packet is dropped as there is no valid SA." > Packet is corrupted before the reach the other VPN peer.
"Encryption failure: clear text packet should be encrypted or clear text packet received within an encrypted packet." > The IP address and subnet mask are incorrect in the general tab of the firewall topology tab or the VPN is terminating to the wrong interface.
"Encryption Failure: Packet was decrypted, but policy says connection should not be decrypted." > Check the VPN domains on the topology tab of the VPN objects.