| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| Nothing simple about them. I keep getting the same bloody error: cannot identify peer for encrypted connection [VPN error code 2]. I have encryption domains. I have set up the 'accept encrypted traffic'. And yet I continually get this error!! - I have set up traditional VPN - no problem! - I have even followed the notes on the PDF doc on the Check Point web site for simplified VPN. Can anyone tell me what is going on - what does this point to? Why can't it identify the peer for encrypted connection, and what is VPN error code 2?????!?!?! Thanks - before I throw this SPLAT out the window. If this is simple then I am the queen of bloody Sheba! |
| |||
| Hi lackie. Yes, I have a NONAT rule with both networks in. I have also checked/tried the 'do not NAT inside the tunnel'. A question I have to ask is this: I have 1 management server that sits behind one of the firewalls. It can see all the other firewalls via a static NAT rule --> outbound on the firewall it sits behind [private IP address]. The other firewalls see the public IP address on their inbound rules and SIC works fine. As the firewalls use a certificate generated by the management server for simplified VPNs, does that mean that they should also have access to the CRL? Could this be a problem? Do they need to talk back to the management server? Is the CRL hosted on the management server? So many questions - but thanks for any answers that may help! |
| |||
| Yes, they will need access to the management station for the certificate. I'm guessing that they are trying to communicate with it on its private IP address. |
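
The guess in the reply above (remote gateways trying to reach the management server on its private address) can be checked by classifying the CRL distribution point URIs carried in a gateway certificate. This is an added example, not part of the thread and not Check Point tooling; the URIs, addresses, ports and function names are constructed placeholders.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample: CRL distribution point (CDP) URIs of the kind found in a
# gateway certificate. Hosts, ports and paths are placeholders, not real values.
SAMPLE_CDPS = [
    "http://10.1.1.10:8080/ca.crl",          # management server, private address
    "http://203.0.113.5:8080/ca.crl",        # its static-NAT address (placeholder)
    "http://mgmt.example.internal:8080/ca.crl",
    "ldap://10.1.1.10/cn=ca_crl",
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_PORTS = {"http": 80, "https": 443, "ldap": 389}


def classify_cdp(uri):
    """Return (host, port, verdict) for one CDP URI."""
    parts = urlsplit(uri)
    host = parts.hostname
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    if not host:
        return (None, port, "unparseable")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A name: the remote gateway must resolve it to an address it can reach.
        return (host, port, "hostname")
    if any(addr in net for net in RFC1918):
        return (host, port, "rfc1918")
    return (host, port, "public-literal")


def unreachable_from_remote(cdps):
    """CDP URIs a gateway on the far side of the NAT cannot fetch directly."""
    return [u for u in cdps if classify_cdp(u)[2] == "rfc1918"]


def can_connect(host, port, timeout=3.0):
    """Live check, run from the remote gateway's network: does TCP connect?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for uri in SAMPLE_CDPS:
        print(uri, "->", classify_cdp(uri)[2])
```

Any URI reported as `rfc1918` is one a peer outside the management server's site cannot fetch without a route or NAT to that address; `can_connect` confirms reachability when run from the remote side.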
| |||
| That could be it. Thanks - just another question if poss? I have SPLAT & Windows 2003 running without any HFAs - could this also be an issue, i.e. simplified VPN cert problem - means install latest hotfix? |