cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Shivajith_S
Nickel

Ipsec VPN b/w checkpoint cluster and Azure gateway

Hi Experts ,

Does any one have config  guide for Ipsec VPN config between Azure and my cluster gateway.

My requirement is to establish tunnel between CP Cluster gateway to Azure .

Thanks .

9 Replies

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

Shivajith_S
Nickel

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

Azure is the gateway based ,so in Selected gateway option need select peer gateway or Local gateway (public IP)

And in do need to any changes in Left hand side corner option "gateway"

Its R80.1

0 Kudos
Shivajith_S
Nickel

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

Hi all , 

I have configured vpn community , for azure site to site vpn , 

But still have some issue , that from smart log once preshared key installed( key symbol )  getting rejected catogery in logs with mention IKE failure .

Not able to bring up tunnel .

And one more thing tried with permenant tunnel .

In azure they include  Sadatasizekilobytes =102400000 kb for their ipsec profile,Do it's cause any  issue ?For this failure .

Remaining  encryption details configured same on both side. 

Can any one have idea on this ???

Thanks. 

0 Kudos

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

I can only point to this: sk101275 How to setup Site-to-Site VPN between Microsoft Azure and an on premise Check Point Securit... ! Permanent tunnel is a CP feature only - with 3rd party, establish a client at one site that pings a client on the other side every now and then...

When you do a VPN / IKE Debug you should see which stage fails and why - if you can not explain the behaviour i would ask TAC for help.

Shivajith_S
Nickel

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

Thanks Gunther for your kind support,  This one solved.

0 Kudos
Highlighted
Shivajith_S
Nickel

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

Hi Gunther,

While monitoring the tunnel after brought it up ..It was broken not frequently only one time recently .After resetting remote site end it came up .Is there any ways to troubleshoot further .

Thanks.  

0 Kudos

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

You can analyze the logs to find the reason that the VPN went down (on both sides).

0 Kudos

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

Hello Günther,

Is there some information how to do Site to Site VPN connection to Azure with the SMB appliances. On the Microsoft site (About VPN devices for cross-premises Azure connections | Microsoft Docs ) I can read that the Minimum OS version for checkpoint is R77.30 on SMB appliances the latest version is R77.20.81. When I try to do VPN connection with R77.30 OS version (on 4600 appliances) the VPN work without any problem. Then I try with SMB appliances 1430 with the latest firmware/OS version R77.20.81 the VPN not work (with the same setting that I have for 4600 appliances).I would like to use RouteBased VPN connection with Azure.

When I try to do the VPN connection I can see that the Phase1 is up, but not Phase2. When I try to do the VPN debug I can not see anything in the ike.elg file. I check the ikev2.nmll file but looks like that I don't know how to read the file (ikeviewer).

Best regards, Peter

Re: Ipsec VPN b/w checkpoint cluster and Azure gateway

I would suggest to involve TAC and later post the results here!

0 Kudos