Thread: Overlapping encryption domains issue
View Single Post
  #1 (permalink)  
Old 2007-10-25
robori robori is offline
Member
  
Join Date: 2006-10-28
Posts: 71
Rep Power: 3
robori has an average reputation (10+)
Default Overlapping encryption domains issue
Hello guys,

I have a site-to-site VPN between one partner company and the Remote Access VPN (SecuRemote) in the same firewall. Itīs running Ngx R60.

Iīve been receiving the error "Packet dropped due to no valid SA" in the logs, the problem is intermitent, and I think itīs because of the way Encryption domains are configured.

In the site-to-site VPN, the remote network is smth like 150.95.132.0/24 and this is configured in the Encryption domain for the firewall. However, in my Remote Access VPN (SecuRemote), thereīs network 150.95.0.0/16 in the Encryption domain. Itīs kindda wierd but itīs setup like this.

Do you think this overlapping encryption domain could be the reason why Iīm getting the Ipsec SA errors ?


Please help me if you have any ideas!


Thanks in advance,
Robori
__________________
CCSE NGX, CCNA, MCSE 2k, LPIc1, ITIL-F
Reply With Quote