This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Cimpeanu
Collaborator
‎2024-06-18 03:30 AM

IPSec between R81.20 VS gateway and MS Azure gateway

Hi,

I'm looking for some guidance in regards to creating an IPSec tunnel between a R81.20 VS gateway and MS Azure gateway controlled by a 3rd party; 

What I see from my end is successful peering - both Phase 1 and Phase 2, but the end-to-end communication does not go through the tunnel. I'm running AES265/SHA256, DG group 19 for Phase 1, and AES256/SHA256 with PFS SH Group 19

vpn tu tlist shows me an SPI for the tunnel, SmartView Monitor shows the tunnel as Up. Seen from Checkpoint side, all should be in place and working, yet it doesn't.

 

I have heard from the 3rd party mentioning that in their experience they have seen pre-R81.20 gateways working fine in similar scenarios but failing after an R81.20 upgrade, problem which gor presumably resolved by including an (unknown) Checkpoint ID?? for the Traffic Selectors - I'm puzzled by this statement, haven'd heard anything about this myself. 

 

Any advice is appreciated, I've spent a lot of hours on this without any progress at all. 😞

 

Thanks,

Daniel

 

0 Kudos
3 Replies
Alex-
Leader Leader
Leader
‎2024-06-18 03:39 AM

We successfully configured VPN's to Azure with R81.20 (both VS and ClusterXL) using the following resources:

 

https://support.checkpoint.com/results/sk/sk101275

 

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#RouteBasedOffers

 

Your values might be outside what is supported on the Azure side.

0 Kudos
Daniel_Cimpeanu
Collaborator
‎2024-06-18 04:54 AM
In response to Alex-

Was it IKE v1 or V2 you ended up using?

0 Kudos
the_rock
Legend
Legend
‎2024-06-18 05:09 AM

See if below post I made helps, if not, let me know, happy to help further.

Andy

 

https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emc...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top