
[FW-1] Is it an Overlapping encryption domain problem ????????????????



Hi All

 

I have a very interesting problem. I would really appreciate it if somebody could help me out.

 

We have a corporate VPN between 5 offices. We are using Checkpoint 4.1 on Windows NT. The Management console is at the head office, from where we control all the other firewalls. The problem in question relates to an office; let us call that office A.

 

Office A has two FWs. One FW is used for VPNs between offices, and another Checkpoint firewall is used to have VPNs with partners. The network interfaces on these two Office A FWs are completely different. Since the client FW needs access to the Office A internal network, we have used a router to do this. The router was necessary because the two interfaces on the two firewalls are in separate networks.

 

Office A encryption domain contains 2 networks. Let's call them network A and B. This encryption domain is used on Office A FW to establish VPNs with other offices.

 

 

Now the problem is that as soon as I use the same encryption domain on Office A - Client FW, it breaks the VPN with Office A and other offices. This does not look like an overlapping encryption domain problem because the encryption domain is used on two different firewalls and there is no VPN between those two firewalls.

 

As soon as I remove a network from the encryption domain and disable encryption on Office A - Client FW, the VPN between offices works fine.

 

I also tried defining a totally different encryption domain for Office A - Client FW which includes the same networks A and B as the Office A encryption domain does. It did not work either. Same problem.

 

I would really appreciate your help in solving this problem.

 

 

 

                              ^
                              |
                              | goes to Internal network
                    ---------------------
                    |   Headoffice FW   |
                    ---------------------
                              | This interface goes to ISP, have legal IP address
                              |
          ------------------------------------------
          |                                        |
    --------------       ----------         ----------------
    | Office A   |-------| Router |---------| Office A     |------- DMZ
    |    FW      |       ----------         | Client FW    |
    --------------                          ----------------
          | Office A internal network              |
          |                                        |
          |                                        | VPN with the client
                                                     through this interface

 

 

 Thanks

Wajid Khan

 

    


 

 



 
   All contents © 2004 Network Presence, LLC. All rights reserved.