Hi Mike,

Check that your NAT rules are disabled for the VPN encryption domain.

You'll find you can set that on the community properties if you're using simple mode, but if you're using traditional, make sure you add at least an outgoing "no-NAT" rule near the top of the NAT rulebase as follows:

<My EncDom> <Dst-EncDom> ANY =Original =Original =Original

The firewall will NAT the source with your hide address otherwise, and then when it comes to check the target gateway (using the SAs in place), it won't find an SA that matches the new (changed) source address and will then generate this message.

Best regards
Steve Bourike
Applied Security Consulting Limited
http://www.appliedsecurity.co.uk

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Miguel Hernandez y Lopez
Sent: Monday, June 30, 2008 5:57 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] encryption failure: Cannot identify peer for encrypted connection

Howdy all,

Has anyone seen this error?

encryption failure: Cannot identify peer for encrypted connection (VPN error 04)

In the CP documentation it seems to be a problem with the domain encryption, but it's all fine. The object of the network is in my domain encryption. Any ideas for this?

Thanks in advance,
Mike

Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
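The rule-ordering point in the reply above, as a toy model added here (it is not part of the original thread and is not Check Point's implementation): a first-match NAT rulebase followed by an encryption-domain check on the translated source. The addresses, the rule tuples and the function names are constructed for illustration.

```python
"""Toy model: first-match NAT, then an encryption-domain check on the post-NAT source."""
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions, not taken from the thread)
MY_ENCDOM = ip_network("10.1.0.0/16")     # local encryption domain
DST_ENCDOM = ip_network("10.2.0.0/16")    # peer's encryption domain
HIDE_ADDR = ip_address("203.0.113.10")    # gateway hide-NAT address
ANY = ip_network("0.0.0.0/0")

# Rule = (source, destination, translated source); None means "=Original"
NO_NAT = (MY_ENCDOM, DST_ENCDOM, None)
HIDE = (MY_ENCDOM, ANY, HIDE_ADDR)


def translate(rulebase, src, dst):
    """Return the source address after the first matching NAT rule (top-down)."""
    for rule_src, rule_dst, xlate in rulebase:
        if src in rule_src and dst in rule_dst:
            return src if xlate is None else xlate
    return src


def vpn_check(rulebase, src, dst):
    """Return (ok, post_nat_src); ok is False when VPN-bound traffic leaves
    with a source outside the local encryption domain, so no SA matches it."""
    src, dst = ip_address(src), ip_address(dst)
    post_nat = translate(rulebase, src, dst)
    ok = not (dst in DST_ENCDOM and post_nat not in MY_ENCDOM)
    return ok, post_nat


def audit(rulebase):
    """Flag no-NAT rules that an earlier translating rule fully shadows."""
    findings = []
    for i, (src, dst, xlate) in enumerate(rulebase):
        if xlate is not None:
            continue
        for j, (src2, dst2, xlate2) in enumerate(rulebase[:i]):
            if xlate2 is not None and src.subnet_of(src2) and dst.subnet_of(dst2):
                findings.append(f"rule {i + 1} (no-NAT) is shadowed by rule {j + 1}")
    return findings


if __name__ == "__main__":
    for name, rb in [("hide only", [HIDE]), ("hide first", [HIDE, NO_NAT]),
                     ("no-NAT first", [NO_NAT, HIDE])]:
        print(name, vpn_check(rb, "10.1.5.20", "10.2.0.9"), audit(rb))
```
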