The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
3rd party VPN peer rejects IDs proposed in IKE phase 2 and tunnel not established (unless initiated from peer side)
Technical Level
Solution ID
sk122478
Technical Level
Product
IPSec VPN
Version
R77.30 (EOL), R80.10 (EOL)
Date Created
21-Jan-2018
Last Modified
30-Apr-2019
Symptoms
3rd party VPN peer rejects the IDs proposed in IKE phase 2 and the tunnel is not established (unless initiated from peer side).
Supernetting is disabled (ike_enable_supernet = false), but the Security Gateway proposes subnets that are not always based on the network objects in the encryption domain
Cause
Encryption domain overlaps are not supported and undefined behavior may occur if they are configured.