How do I fix the error "overlapping encryption domains"?

Fully overlapping encryption domains are supported; partially overlapping encryption domains are not. In other words, if you have two firewalls in a MEP configuration, they must use exactly the same encryption domain. Use the command-line tool "vpn overlap_encdom" to get information on your encryption domains.

A firewall node must be marked as "exportable for SecuRemote" before its topology information is calculated. One possible cause of the partially overlapping encryption domain error is a firewalled node (perhaps one that does not even have VPN-1 checked) being marked as exportable in the objects_5_0.C file. To check this, search for this line: If you find it below an object that shouldn't be exportable, change it to false.
24/JULY/03
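The full-versus-partial distinction above can be checked offline before a policy install. The following is an added example, not part of the original FAQ and not Check Point code: it classifies two encryption domains, given as CIDR lists, as "full" (identical address sets, as the FAQ requires for MEP), "partial" or "none". The gateway names and networks are constructed, and treating a strict subset as "partial" is an assumption taken from the FAQ's "exactly the same" wording.

```python
import ipaddress


def normalize(cidrs):
    """Collapse CIDR strings into the minimal sorted list of networks.

    Two domains that cover the same addresses normalize to the same list,
    even when one is written as /17 halves and the other as a single /16.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def shared(a, b):
    """Return the networks covered by both normalized domains."""
    common = []
    for x in a:
        for y in b:
            if x.overlaps(y):
                # Overlapping CIDR blocks are always nested, so the
                # intersection is the block with the longer prefix.
                common.append(x if x.prefixlen >= y.prefixlen else y)
    return common


def classify(dom_a, dom_b):
    """Return (verdict, shared_networks) for two encryption domains."""
    a, b = normalize(dom_a), normalize(dom_b)
    if a == b:
        return "full", a          # identical domains: the supported MEP case
    common = shared(a, b)
    if not common:
        return "none", []         # disjoint domains: no overlap at all
    return "partial", common      # some, but not all, addresses are shared


# Constructed sample domains (hypothetical gateways, not from the FAQ).
GW_A = ["10.1.0.0/16", "192.168.10.0/24"]
GW_B = ["10.1.0.0/17", "10.1.128.0/17", "192.168.10.0/24"]  # same set as GW_A
GW_C = ["10.1.4.0/24", "172.16.0.0/24"]                     # shares one /24
GW_D = ["172.16.5.0/24"]                                    # shares nothing

if __name__ == "__main__":
    for name, dom in (("GW_B", GW_B), ("GW_C", GW_C), ("GW_D", GW_D)):
        verdict, nets = classify(GW_A, dom)
        print(f"GW_A vs {name}: {verdict} {[str(n) for n in nets]}")
```

A "partial" verdict lists the shared networks, which are the ranges to reconcile between the two gateway objects.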