CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1  mheldens (Junior Member), 2007-09-06
Encryption failure

Hello,
I have a problem connecting 2 sites together.
I will include a drawing which makes things more clear.

A remote location is connected with a site-to-site VPN connection over the internet. In this location is PC A. At the main site PC B is located, and both PCs can connect transparently. At another location PC C is located; this location is behind another CP which is not managed by me. This CP is connected through a private Ethernet link.
The problem occurs when PC A wants to ping PC C. In my CP I get the message "encryption failure: According to the policy the packet should not have been decrypted"
When PC B pings PC C it works without errors.
Does anyone have a clue what I'm doing wrong?

Thanks

Maarten Heldens

#2  mcnallym (Senior Member), 2007-09-06
Re: Encryption failure

Looking at it then I would guess that you have set it up so that the VPN is between Gateway A and Gateway B.

In order to get to Gateway C then you need to traverse Gateway B. Do you run a VPN between A and C, or have you configured it so that the VPN between A and B also covers the network behind Gateway C, i.e. the encryption domain for Gateway B covers the network at Gateway C?

Gateway B to C is clear so no VPN is required, which is why it is working fine.

#3  mheldens (Junior Member), 2007-09-06
Re: Encryption failure

Quote: Originally posted by mcnallym
> Looking at it then I would guess that you have set it up so that the VPN is between Gateway A and Gateway B.
>
> In order to get to Gateway C then you need to traverse Gateway B. Do you run a VPN between A and C, or have you configured it so that the VPN between A and B also covers the network behind Gateway C, i.e. the encryption domain for Gateway B covers the network at Gateway C?
>
> Gateway B to C is clear so no VPN is required, which is why it is working fine.

The s2s VPN is between Gateway A and Gateway B. Gateway B covers the network behind Gateway C. Only the network between Gateway B and C (10.31.12.0/24) is in the encryption domain of Gateway B.
Do I need to place the network of PC C (10.31.15.0/24) also in the encryption domain of Gateway B?

#4  Thorpuse (Senior Member), 2007-09-06
Re: Encryption failure

Quote: Originally posted by mheldens
> The s2s VPN is between Gateway A and Gateway B. Gateway B covers the network behind Gateway C. Only the network between Gateway B and C (10.31.12.0/24) is in the encryption domain of Gateway B.
> Do I need to place the network of PC C (10.31.15.0/24) also in the encryption domain of Gateway B?

Yes. This needs to be included in the VPN domain.

#5  mheldens (Junior Member), 2007-09-06
Re: Encryption failure

Quote: Originally posted by Thorpuse
> Yes. This needs to be included in the VPN domain.

Thanks, I added that subnet to the encryption domain and I got through CP. Only the other side has to route subnet A back to me... but that is out of the scope of this forum... ;-))

Greetings,

Maarten
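
The fix confirmed in this thread, as a simplified model (an added example, not code from the thread or from Check Point): a flow belongs in the A-B tunnel only when one end is in one gateway's encryption domain and the other end is in the peer's. The 10.31.12.0/24 and 10.31.15.0/24 networks come from the thread; Gateway A's subnet, the host addresses and all function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network


def in_domain(host, domain):
    """True if host falls inside any network of an encryption domain."""
    addr = ip_address(host)
    return any(addr in ip_network(net) for net in domain)


def tunnel_verdict(src, dst, local_domain, peer_domain):
    """Classify a flow as seen by the local gateway (simplified rule)."""
    if in_domain(src, peer_domain) and in_domain(dst, local_domain):
        return "inbound-encrypted"
    if in_domain(src, local_domain) and in_domain(dst, peer_domain):
        return "outbound-encrypted"
    return "outside-vpn-domain"


def audit(flows, local_domain, peer_domain):
    """Return the flows that the two domain definitions do not cover."""
    return [(s, d) for s, d in flows
            if tunnel_verdict(s, d, local_domain, peer_domain) == "outside-vpn-domain"]


# Gateway A's domain: constructed (the thread does not give PC A's subnet).
DOMAIN_A = ["192.0.2.0/24"]
# Gateway B's domain as first described: only the B-to-C link network.
DOMAIN_B_BEFORE = ["10.31.12.0/24"]
# After the fix from the thread: PC C's subnet added.
DOMAIN_B_AFTER = ["10.31.12.0/24", "10.31.15.0/24"]

PC_A = "192.0.2.10"        # constructed host behind Gateway A
PC_C = "10.31.15.20"       # constructed host in PC C's subnet
LINK_HOST = "10.31.12.1"   # constructed host on the B-to-C link

FLOWS = [(PC_A, PC_C), (PC_A, LINK_HOST)]

if __name__ == "__main__":
    for label, dom_b in (("before", DOMAIN_B_BEFORE), ("after", DOMAIN_B_AFTER)):
        print(label, "flows not covered on Gateway B:",
              audit(FLOWS, dom_b, DOMAIN_A))
```

Running the same audit over every source/destination pair that is expected to cross the tunnel shows which subnets are still missing from a gateway's encryption domain before traffic is tested.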