Sounds like the IPSec proxies don't match.
Regards
David Taylor
-----Original Message-----
From: Matthew West [mailto:matthew.west@eds.com]
Sent: Wednesday, 22 December 2004 12:17 PM
To: firewalls@securityfocus.com
Subject: Checkpoint FW-1 -> Cisco VPN error
Hi All
I am getting a rather cryptic message after a successful IKE handshake
between CP FW-1 R55 and Cisco PIX (the PIX has been happily VPN'ing with
another PIX). Once the handshake has completed (successfully) and
traffic is attempted to be routed the CP firewall denies the traffic
stating:
encryption failure: Packet was decrypted, but policy says connection
should not be decrypted
I am using 'simplified mode' VPN configuration and have the external
interoperable devices as a part of the VPN star config and do not have
the tick box 'allow key exchange for subnets' ticked either in the
global properties or the properties of the VPN community.
I did find something after googling for the error message but this was
resolved by changing settings for MEP's and failover gateways which I do
not have in this instance.
Any thoughts? Any further info needed?
All help much appreciated.
Matt
**********************************************************************
Please note that your email address is known to AUSTRAC for the
purposes of communicating with you. The information transmitted in
this e-mail is for the use of the intended recipient only and may
contain confidential and/or legally privileged material. If you have
received this information in error you must not disseminate, copy or
take any action on it and we request that you delete all copies of
this transmission together with attachments and notify the sender.
This footnote also confirms that this email message has been swept for
the presence of computer viruses.
**********************************************************************
