2008-10-13
hunteralpha
Re: VPN Trouble shooting

My experience with the same question is that not every problem is in Check Point. I solved this issue on 2008.10.14, on an NG R55 with a Juniper NetScreen 25; the issue was on the Juniper, not the Check Point.

The problem is that the NetScreen keeps the IKE policy and so rejects the VPN domain exchange (NetScreen calls this the proxy ID), causing a one-way VPN.

In that case, the NetScreen to Check Point VPN is fine, but the Check Point to NetScreen VPN is always rejected. The following is the NetScreen reject message.

2008-10-09 17:33:04 system info 00536 IKE<CheckPointIP> Phase 2: No policy exists for the proxy ID received: local ID (<192.168.14.0>/<255.255.254.0>, <0>, <0>) remote ID (<10.101.0.0>/<255.255.0.0>, <0>, <0>).
2008-10-09 17:33:04 system info 00536 IKE<CheckPointIP> Phase 2 msg ID <5aae18e1>: Responded to the peer's first message.
2008-10-09 17:33:00 system info 00536 IKE<CheckPointIP> Phase 2 msg ID <5aae18e1>: Negotiations have failed.
2008-10-09 17:33:00 system info 00536 Rejected an IKE packet on ethernet3 from CheckPointIP:500 to JuniperIP:500 with cookies d8264746d526c416 and 97679af0e9a7991a because the peer sent a proxy ID that did not match the one in the SA config.

So I used the following instructions on the Juniper to solve my issue.
I think this issue should be version-independent on NG or NGX.
Hope this helps you.

unset ike policy-checking
unset ike accept-all-proposal
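To see exactly which proxy ID the peer proposed, the Phase 2 rejection event quoted in the post can be parsed and compared with the proxy IDs configured on the NetScreen. This is an added example, not part of the original post; the `CONFIGURED` pair, the second log line and all function names are constructed assumptions.

```python
import ipaddress
import re

# Matches the "No policy exists for the proxy ID received" event format quoted in the post.
PROXY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?IKE<(?P<peer>[^>]+)> Phase 2: "
    r"No policy exists for the proxy ID received: "
    r"local ID \(<(?P<lnet>[^>]+)>/<(?P<lmask>[^>]+)>, <\d+>, <\d+>\) "
    r"remote ID \(<(?P<rnet>[^>]+)>/<(?P<rmask>[^>]+)>, <\d+>, <\d+>\)"
)

def parse_mismatch(line):
    """Return (timestamp, peer, local_net, remote_net), or None for other events."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    local = ipaddress.ip_network(f"{m['lnet']}/{m['lmask']}", strict=False)
    remote = ipaddress.ip_network(f"{m['rnet']}/{m['rmask']}", strict=False)
    return m["ts"], m["peer"], local, remote

def classify(local, remote, configured):
    """Compare a received proxy ID pair with the configured (local, remote) pairs."""
    verdict = "no-overlap"
    for cfg_local, cfg_remote in configured:
        if (local, remote) == (cfg_local, cfg_remote):
            return "exact"
        if local.overlaps(cfg_local) and remote.overlaps(cfg_remote):
            verdict = "prefix-mismatch"  # same address space, different mask
    return verdict

def report(log_text, configured):
    """One row per proxy ID rejection: (ts, peer, local CIDR, remote CIDR, verdict)."""
    rows = []
    for line in log_text.splitlines():
        parsed = parse_mismatch(line)
        if parsed:
            ts, peer, local, remote = parsed
            rows.append((ts, peer, str(local), str(remote), classify(local, remote, configured)))
    return rows

# Line 1 is the event from the post, line 2 is unrelated, line 3 is constructed for the example.
SAMPLE_LOG = """\
2008-10-09 17:33:04 system info 00536 IKE<CheckPointIP> Phase 2: No policy exists for the proxy ID received: local ID (<192.168.14.0>/<255.255.254.0>, <0>, <0>) remote ID (<10.101.0.0>/<255.255.0.0>, <0>, <0>).
2008-10-09 17:33:00 system info 00536 IKE<CheckPointIP> Phase 2 msg ID <5aae18e1>: Negotiations have failed.
2008-10-09 17:40:11 system info 00536 IKE<CheckPointIP> Phase 2: No policy exists for the proxy ID received: local ID (<172.16.5.0>/<255.255.255.0>, <0>, <0>) remote ID (<10.101.0.0>/<255.255.0.0>, <0>, <0>).
"""
# Hypothetical proxy ID pair configured on the NetScreen side (assumption, not from the post).
CONFIGURED = [(ipaddress.ip_network("192.168.14.0/24"), ipaddress.ip_network("10.101.0.0/16"))]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG, CONFIGURED):
        print(*row)
```

A `prefix-mismatch` verdict means the peer proposed the same address space with a different mask than the configured proxy ID; `no-overlap` means no configured pair covers the proposal at all.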