
encryption failure: error occurred scheme: IKE

Status
Not open for further replies.

polle

Technical User
Oct 8, 2002
3
DE
Hi all,

I have set up a site-to-site VPN with a Checkpoint 4.1 and a Nokia firewall (Encryption and Data Integration 3DES+MD5). When I try the connection from my internal network, the connection works very well. But now I want to have a connection through the VPN from another, NOT directly connected, internal network. I set up the encryption domain for my firewall and the rulebase is correct, but I get the error "encryption failure: error occurred scheme: IKE". Must the network to be en/decrypted be directly connected to the firewall? Or any other ideas?

Thanks for helping.

Polle
 
polle

It is possible to have non-directly connected networks go through the tunnel.

Have you checked that the encryption domains are correct at both FWs? On your local FW you need a route plus the network specified in the encryption domain for the local FW. On the remote it will also need the network specified in the encryption domain associated with the local FW within its rulebase.

In general the VPN is set up by having the encryption domains specified on the relevant FW objects, and the rulebase specify the same encryption domains as source and destination targets with the action encrypt... If you have the encryption working for your local net, then the actual IKE is OK. You simply need to check that the FW's both agree that packets either from or to the remote attached nets need to be encrypted using the same rule and FW objects.

Hope this helps.
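
The consistency check described in the reply above, sketched in Python as an added example that is not part of the original thread. The gateway object names, networks and dictionary layout are constructed for illustration and are not Check Point configuration syntax.

```python
import ipaddress

def covered(net, networks):
    """True if `net` lies entirely inside at least one CIDR in `networks`."""
    net = ipaddress.ip_network(net)
    return any(net.subnet_of(ipaddress.ip_network(n)) for n in networks)

def check_inner_network(inner_net, local_policy, remote_policy, local_routes):
    """Return findings for a network that sits behind the local firewall.

    local_policy / remote_policy hold each firewall's OWN view: a mapping of
    gateway object name -> encryption domain configured for that object.
    Both views must list `inner_net` under the local gateway, and the local
    firewall must also have a route to it.
    """
    findings = []
    if not covered(inner_net, local_routes):
        findings.append(f"local FW: no route to {inner_net}")
    if not covered(inner_net, local_policy["local_gw"]):
        findings.append(f"local FW: {inner_net} not in local_gw encryption domain")
    if not covered(inner_net, remote_policy["local_gw"]):
        findings.append(f"remote FW: {inner_net} not in local_gw encryption domain")
    return findings

# Constructed sample data (hypothetical networks and object names).
# The local side was updated for the routed network 10.20.0.0/16;
# the remote side still only knows the directly connected LAN.
LOCAL_POLICY = {
    "local_gw": ["192.168.10.0/24", "10.20.0.0/16"],
    "remote_gw": ["172.16.5.0/24"],
}
REMOTE_POLICY = {
    "local_gw": ["192.168.10.0/24"],
    "remote_gw": ["172.16.5.0/24"],
}
LOCAL_ROUTES = ["192.168.10.0/24", "10.20.0.0/16"]

if __name__ == "__main__":
    for net in ("192.168.10.0/24", "10.20.30.0/24"):
        problems = check_inner_network(net, LOCAL_POLICY, REMOTE_POLICY, LOCAL_ROUTES)
        print(net, "->", problems or "consistent on both firewalls")
```
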
 