The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
3rd party VPN peer rejects IDs proposed in IKE phase 2 and tunnel not established (unless initiated from peer side)
| Solution ID |
sk122478 |
| Product |
IPSec VPN |
| Version |
R77.30, R80.10 |
| Date Created |
21-Jan-2018
|
| Last Modified |
30-Apr-2019
|
Symptoms
- 3rd party VPN peer rejects the IDs proposed in IKE phase 2 and the tunnel is not established (unless initiated from peer side).
- Supernetting is disabled (ike_enable_supernet = false), but the Security Gateway proposes subnets that are not always based on the network objects in the encryption domain
Cause
Encryption domain overlaps are not supported and undefined behavior may occur if they are configured.
Solution
|
Note: To view this solution you need to
Sign In
.
|
