Thanks Russell. I found a similar KB article that suggested we had partially
overlapping encryption domains. Only a few SecureClient people, all Windows
XP, were experiencing this issue, though. They also were seeing a "tunnel
test failed" message on login.
However, since we had just reconfigured the encryption domain on one of the
two gateways a day earlier, it was worth looking into. I ran "vpn
overlap_encdom" on the controlling SmartCenter server per SK21541 and it
reported that none of the encryption domains overlapped.
I put the encryption domain on the one gateway back to where it was and the
problem stopped. Go figure.
Ray
From: Russell Aspinwall <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] encryption failure: decrypted methods didn't match rule
(VPN Error code 03)
Date: Fri, 18 Jun 2004 13:31:38 +0100
Hi Ray,
I had a similar problem the solution was to change PFS from 1024 bit back
to 768 bit (originally
768bit).
Ray wrote:
Some of my SecureClient users is suddenly getting this error:
Encryption Scheme: IKE
Encryption Methods: ESP: AES-128 + SHA1 + DEFLATE
Information: encryption failure: decrypted methods
didn't
match rule (VPN Error code 03)
I can't find it in the SecureKnowledge KB. I applied HFA06 to R55 a few
days
ago.
Any thoughts are greatly appreciated!
Ray
_________________________________________________________________
Check out the coupons and bargains on MSN Offers!
http://youroffers.msn.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Regards
Russell
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
_________________________________________________________________
MSN 9 Dial-up Internet Access fights spam and pop-ups – now 3 months FREE!
http://join.msn.click-url.com/go/onm00200361ave/direct/01/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
