 | ||
 encryption failure: Clear text packet should be encrypted | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-10-24 | |||
| |||
 encryption failure: Clear text packet should be encrypted People are not able to connect to a DMZ on my network. This is the error I see on my firewall logs. I am running Checkpoint NGX R60 (hot fix 3) encryption failure: Clear text packet should be encrypted Any Clues? Thanks. __________________ Systems Engineer  |
| 2006-10-24 | |||
| |||
| Re: encryption failure: Clear text packet should be encrypted Are they meant to be connecting via a VPN? Has this ever worked (and if it has, what has changed recently?) Have you perhaps recently configured a VPN, such that the firewall is expecting that that traffic should be encrypted? From where are they connecting? Internally? Externally? Is there any NAT involved? Some more detail would be nice. |
| 2006-10-24 | |||
| |||
| Re: encryption failure: Clear text packet should be encrypted No, they are not meant to be connecting via VPN. It was working but after I made a change (completely unrelated) and pushed the policy it stopped working and coming up with that error message. They are connecting within our Global Network, not our US network. The VPN that I added does not at all belong to this firewall where the traffic is coming from...So would it still cause this issue? Thanks again. __________________ Systems Engineer |
| 2006-10-24 | |||
| |||
| Re: encryption failure: Clear text packet should be encrypted So you made a change to add a VPN, and since then, this service no longer works? Follow standard operations procedure. You've made a change. Something has stopped working. Back out the change. Does it work now? If yes, you can conclude that the problem is your change. If it was me, I would check what you've configured for the encryption domain for this new VPN. My guess is that you've got an overlap between that encryption domain and the network that your other users are coming from. Remember that I only know what you tell us about your network. In this case, that is the sum of the information in your two posts. I have absolutely no idea what you are referring to by Global or US network. Certainly, obscure IP addresses, but you have to try and give some relevant information - e.g. here, given that you've now got errors referring to encryption problems, might it not have made sense to note that you've made a recent change, a VPN one at that, and that it stopped working when you made the change? |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
