Yes, on Cisco's side it is an access-list, and on Checkpoint this is configured as network objects, but those should match exactly - network and mask, just mirrored directions - source on the 1st peer is destination on the 2nd peer and vice versa.
Hi, can you make sure that the ACLs for the 'interesting' traffic for that specific tunnel are matching (mirrored direction, of course)? One other thing, which might shed some light on the P2 negotiation, is to increase the debug verbosity to 20+.
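The mirrored network-and-mask requirement from the two replies above, as an added example that is not part of the original thread: it parses a Cisco crypto ACL and reports which selector pairs do not have an exact mirror on the peer. The ACL name `VPN-ACL`, the addresses, and the tuple representation of the Check Point network objects are constructed assumptions.

```python
import ipaddress

# Constructed sample: Cisco crypto ACL in network/netmask form (hypothetical name).
CISCO_ACL = """\
access-list VPN-ACL extended permit ip 10.1.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list VPN-ACL extended permit ip 10.1.1.0 255.255.255.0 192.168.5.0 255.255.255.0
"""

# Constructed sample: the peer's (source, destination) network/mask pairs,
# as an operator would read them off the Check Point network objects.
CHECKPOINT_PAIRS = [
    ("192.168.5.0/255.255.255.0", "10.1.0.0/255.255.255.0"),
    ("192.168.5.0/255.255.255.0", "10.1.0.0/255.255.254.0"),  # mask differs
]

def parse_cisco_acl(text):
    """Return the set of (source, destination) networks from 'permit ip' entries."""
    pairs = set()
    for line in text.splitlines():
        tok = line.split()
        if "permit" not in tok:
            continue
        rest = tok[tok.index("permit") + 1:]
        # Only the plain 'ip <net> <mask> <net> <mask>' form is handled here.
        if len(rest) != 5 or rest[0] != "ip":
            raise ValueError(f"unsupported ACL entry: {line!r}")
        pairs.add((ipaddress.ip_network(f"{rest[1]}/{rest[2]}"),
                   ipaddress.ip_network(f"{rest[3]}/{rest[4]}")))
    return pairs

def mirror_mismatches(cisco_pairs, peer_pairs):
    """Compare the peer's pairs with the exact mirror of the Cisco pairs."""
    expected = {(dst, src) for src, dst in cisco_pairs}
    peer = {(ipaddress.ip_network(s), ipaddress.ip_network(d))
            for s, d in peer_pairs}

    def fmt(pairs):
        return sorted(f"{s} -> {d}" for s, d in pairs)

    return {"missing_on_peer": fmt(expected - peer),
            "unexpected_on_peer": fmt(peer - expected)}

if __name__ == "__main__":
    result = mirror_mismatches(parse_cisco_acl(CISCO_ACL), CHECKPOINT_PAIRS)
    for side, entries in result.items():
        for entry in entries:
            print(f"{side}: {entry}")
```
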
Hi, is the remote peer (CheckPoint) a single box or clustered? Have you noticed if this issue occurs when only one WS is using the VPN tunnel? If possible, debug with only one WS and one flow (one destination) and monitor the IPSEC SAs for it, then in...