You need to create a group for your local FW that excludes the 172.16.18.50 from your local encryption domain, if I am reading this correctly.
-GS

________________________________
From: Oscar Esquivel <[email protected]>
To: [email protected]
Sent: Thursday, January 29, 2009 5:19:53 PM
Subject: [FW-1] overlapping encryption domain

Hello,

I am trying to create a vpn site-to-site with a remote firewall. Remote encryption domain is a host 172.16.18.50, which already belongs to a local WAN connection in my firewall, that's why I already have a route to this node. I know this could be accomplished through NAT. I've created all the configuration, but this is the error message I got on tracker:

"encryption failure: Different community ID, possible NAT problem (VPN Error code 01)"

I've created the next configuration:

Interoperable devices: I've created an object for the remote firewall, with a group under topology for the remote encryption domain, that includes objects:

Object name: Vpn_host ip 172.16.18.50
Object name: Vpn_host_with_nat ip 11.16.18.50

Nat rules added manually

Rule #1 for outgoing traffic over vpn
Original Packet
  Source: 172.26.2.250
  Destination: 11.16.18.50
  Service: any
Translated Packet
  Source: original
  Destination: 172.16.18.50
  Service: original

Rule #2 for incoming traffic over vpn
Original Packet
  Source: 172.16.8.50
  Destination: 172.26.2.250
  Service: any
Translated Packet
  Source: 11.16.18.50
  Destination: original
  Service: original

Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
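
The overlap discussed in this thread can be checked offline before touching the gateway. The following is an added example, not part of the original messages and not Check Point tooling: it finds remote encryption-domain entries that fall inside the local domain and computes the CIDR blocks that remain once they are carved out. The local networks 172.16.18.0/24 and 172.26.2.0/24 and the function names are assumptions; only 172.16.18.50 and 172.26.2.250 appear in the thread.

```python
import ipaddress

# Constructed sample data. The /24 prefixes are assumed; the thread only
# names the hosts 172.16.18.50 (remote) and 172.26.2.250 (local source).
LOCAL = [ipaddress.ip_network("172.16.18.0/24"),
         ipaddress.ip_network("172.26.2.0/24")]
REMOTE = [ipaddress.ip_network("172.16.18.50/32")]


def find_overlaps(local_domain, remote_domain):
    """Return (local, remote) pairs whose address ranges intersect."""
    return [(loc, rem)
            for loc in local_domain
            for rem in remote_domain
            if loc.overlaps(rem)]


def carve_out(local_domain, remote_domain):
    """Return the local domain as CIDR blocks with remote addresses removed."""
    result = list(local_domain)
    for rem in remote_domain:
        remaining = []
        for loc in result:
            if not loc.overlaps(rem):
                remaining.append(loc)        # untouched by this remote entry
            elif rem != loc and rem.subnet_of(loc):
                # Split loc into the smallest set of blocks that skip rem.
                remaining.extend(loc.address_exclude(rem))
            # Otherwise loc lies entirely inside rem and is dropped.
        result = remaining
    return sorted(result)


if __name__ == "__main__":
    for loc, rem in find_overlaps(LOCAL, REMOTE):
        print(f"overlap: remote {rem} is inside local {loc}")
    print("local encryption domain without the remote host:")
    for net in carve_out(LOCAL, REMOTE):
        print(f"  {net}")
```

Each block printed by `carve_out` can be entered as a network object in the group that defines the local encryption domain.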
