Wednesday, November 10, 2010

Site to Site VPN Checkpoint to ASA

I have been dealing with tons of Site to Site VPN troubleshooting, most of it Checkpoint to Cisco ASA.
Here are some of the error messages I have seen and what they mean:

"Encryption failure, decrypted methods did not match rule" > There are overlapping encryption domains.

"Received notification from peer: no proposal chosen." > VPN settings do not match on both ends. It could mean there is a subnet negotiation mismatch.

"Cannot identify peer for encrypted connection." > NAT is not applied properly.

"Encryption failure: packet is dropped as there is no valid SA." > Packet is corrupted before it reaches the other VPN peer.

"Encryption failure: clear text packet should be encrypted or clear text packet received within an encrypted packet." > The IP address and subnet mask are incorrect in the general tab of the firewall topology tab or the VPN is terminating to the wrong interface.

"Encryption Failure: Packet was decrypted, but policy says connection should not be decrypted." > Check the VPN domains on the topology tab of the VPN objects.

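The first two causes above (overlapping encryption domains and a subnet negotiation mismatch) can be checked offline before touching either gateway. The script below is an added example, not part of the original post: the function names and all subnets are constructed, and it assumes each side expects exact subnet pairs as traffic selectors.

```python
import ipaddress

def net(cidr):
    # strict=True rejects entries with host bits set, e.g. 10.1.0.5/24
    return ipaddress.ip_network(cidr, strict=True)

def domain_overlaps(local_domain, peer_domain):
    """Pairs of networks that overlap between the two encryption domains."""
    return [(a, b) for a in local_domain for b in peer_domain
            if net(a).overlaps(net(b))]

def selector_mismatches(local_domain, peer_domain, peer_selectors):
    """Compare the (local, remote) subnet pairs this gateway protects with
    the (source, destination) pairs configured on the peer.
    Returns a list of (local, remote, reason) for pairs the peer lacks."""
    # Mirror the peer's entries so both sides are seen from our viewpoint.
    mirrored = {(net(dst), net(src)) for src, dst in peer_selectors}
    problems = []
    for l in map(net, local_domain):
        for r in map(net, peer_domain):
            if (l, r) in mirrored:
                continue
            # Same address space but a different mask is still a mismatch.
            partial = [m for m in mirrored
                       if m[0].overlaps(l) and m[1].overlaps(r)]
            reason = "different mask on peer" if partial else "missing on peer"
            problems.append((str(l), str(r), reason))
    return problems

# Constructed sample values (not taken from any real deployment).
CHECKPOINT_DOMAIN = ["10.1.0.0/24", "10.1.1.0/24"]
ASA_DOMAIN = ["192.168.50.0/24"]
# (source, destination) pairs as they would appear in the ASA crypto ACL.
ASA_CRYPTO_ACL = [("192.168.50.0/24", "10.1.0.0/23")]

if __name__ == "__main__":
    for a, b in domain_overlaps(CHECKPOINT_DOMAIN, ASA_DOMAIN):
        print(f"overlapping encryption domains: {a} <-> {b}")
    for l, r, why in selector_mismatches(CHECKPOINT_DOMAIN, ASA_DOMAIN,
                                         ASA_CRYPTO_ACL):
        print(f"selector {l} -> {r}: {why}")
```

In the sample, the two /24 networks cover the same addresses as the peer's single /23 entry, yet neither pair matches it exactly, so both are reported.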
