Shivajith_S
Contributor

IPsec VPN b/w Check Point cluster and Azure gateway

Hi Experts,

Does anyone have a config guide for IPsec VPN config between Azure and my cluster gateway?

My requirement is to establish a tunnel between the CP cluster gateway and Azure.

Thanks.

1 Solution

Accepted Solutions
G_W_Albrecht
Legend

I can only point to this: sk101275 How to setup Site-to-Site VPN between Microsoft Azure and an on premise Check Point Securit... ! Permanent tunnel is a CP feature only - with 3rd party, establish a client at one site that pings a client on the other side every now and then...

When you do a VPN / IKE debug you should see which stage fails and why - if you cannot explain the behaviour, I would ask TAC for help.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist


9 Replies
G_W_Albrecht
Legend

Please try sk101275: How to setup Site-to-Site VPN between Microsoft Azure and an on premise Check Point Securi....

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Shivajith_S
Contributor

Azure is gateway based, so in the Selected gateway option do I need to select the peer gateway or the local gateway (public IP)?

And do I need to make any changes in the left-hand side corner option "gateway"?

It's R80.1

Shivajith_S
Contributor

Hi all,

I have configured a VPN community for the Azure site-to-site VPN.

But I still have an issue: in SmartLog, once the preshared key is installed (key symbol), I am getting the rejected category in logs mentioning IKE failure.

I am not able to bring up the tunnel.

And one more thing: I tried with permanent tunnel.

In Azure they include Sadatasizekilobytes = 102400000 KB for their IPsec profile. Does it cause any issue for this failure?

The remaining encryption details are configured the same on both sides.

Does anyone have an idea on this?

Thanks. 

Shivajith_S
Contributor

Thanks Gunther for your kind support. This one is solved.

Shivajith_S
Contributor

Hi Gunther,

While monitoring the tunnel after bringing it up, it broke, not frequently, only one time recently. After resetting the remote site end it came up. Are there any ways to troubleshoot further?

Thanks.  

G_W_Albrecht
Legend

You can analyze the logs to find the reason that the VPN went down (on both sides).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Peter_Kenda1
Participant

Hello Günther,

Is there some information on how to do a Site to Site VPN connection to Azure with the SMB appliances? On the Microsoft site (About VPN devices for cross-premises Azure connections | Microsoft Docs) I can read that the minimum OS version for Check Point is R77.30; on SMB appliances the latest version is R77.20.81. When I try to do a VPN connection with the R77.30 OS version (on 4600 appliances) the VPN works without any problem. Then I try with SMB appliance 1430 with the latest firmware/OS version R77.20.81 and the VPN does not work (with the same settings that I have for the 4600 appliances). I would like to use a RouteBased VPN connection with Azure.

When I try to do the VPN connection I can see that Phase 1 is up, but not Phase 2. When I try to do the VPN debug I cannot see anything in the ike.elg file. I checked the ikev2.nmll file but it looks like I don't know how to read the file (ikeviewer).

Best regards, Peter

G_W_Albrecht
Legend

I would suggest to involve TAC and later post the results here!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist