This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sagar_Manandhar
Advisor
‎2017-12-03 08:58 PM
Jump to solution

Azure Site-to-Site VPn fail

Hi,

I have been trying to establish the IP sec vpn with Azure site. I have followed the sk101275 for the same but was not able to establish the VPN. Does anybody  successfully done it and it would be great if the configuration can be shared.

Regards,

Sagar Manandhar

1 Solution

Accepted Solutions
Sagar_Manandhar
Advisor
‎2018-01-22 10:50 PM
In response to PhoneBoy
Jump to solution

Change MTU of interface: 1350 (1500 default)
Encryption Method: IKEv2 only
Custom Encryption suite:
IKE Security Association (Phase 1)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1
-Diffie-Hellman group : Group 2 (1024bit)

IKE Security Association (Phase 2)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1


VPN Tunnel Sharing
-Select One VPN Tunnel per Gateway Pair

IKE(phase1)
-Renegotiate IKE security associations every (min): 480
IPsec(phase2)
-Renegotiate IPsec security associations every(sec):27000

View solution in original post

11 Replies
PhoneBoy
Admin
Admin
‎2017-12-04 09:55 PM
Jump to solution

I'd start with basic troubleshooting, as described here: VPN Site-to-Site with 3rd party 

Note that most of this is generic to "third parties" (i.e. not a Check Point gateway you control) and should also apply to Azure.

Sagar_Manandhar
Advisor
‎2018-01-22 08:14 PM
Jump to solution

hi,

we have finally configure the VPN. we got to know that the parameter given in the checkpoint doc for Azure VPN is outdated and we have replace it with the new parameter given by the azure team and now its working fine

PhoneBoy
Admin
Admin
‎2018-01-22 10:04 PM
In response to Sagar_Manandhar
Jump to solution

So that we can update our docs, can you share what the incorrect parameters are and what we should replace them with?

0 Kudos
Sagar_Manandhar
Advisor
‎2018-01-22 10:50 PM
In response to PhoneBoy
Jump to solution

Change MTU of interface: 1350 (1500 default)
Encryption Method: IKEv2 only
Custom Encryption suite:
IKE Security Association (Phase 1)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1
-Diffie-Hellman group : Group 2 (1024bit)

IKE Security Association (Phase 2)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1


VPN Tunnel Sharing
-Select One VPN Tunnel per Gateway Pair

IKE(phase1)
-Renegotiate IKE security associations every (min): 480
IPsec(phase2)
-Renegotiate IPsec security associations every(sec):27000

Igor_Roytman
Employee
Employee
‎2018-08-06 01:09 AM
In response to Sagar_Manandhar
Jump to solution

Sagar Manandhar‌ can you please elaborate what was incorrect in the SK that caused VPN not work, so we will update the SK? I see different SA lifetimes, it should not cause issue to establish the tunnel.. Of course still SK should be updated, but I wonder if there are some other parameters to be fixed..
Thank you in advance!

0 Kudos
Amir_Rehman
Contributor
‎2019-04-03 12:15 PM
In response to Igor_Roytman
Jump to solution

Did you anyone figure out what parameters are outdated ?

0 Kudos
Henrique_Sauer_
Contributor
‎2019-10-13 07:41 AM
In response to Sagar_Manandhar
Jump to solution

It worked for me!

Thanks dude

0 Kudos
Gaurav_Pandya
Advisor
‎2019-04-04 03:44 AM
Jump to solution

We have also established tunnel checkpoint gateway to AWS successfully but it sometimes disconnect the connection and we have to reset the tunnel every time to establish flow again.

0 Kudos
John_Richards
Contributor
‎2022-05-09 07:45 AM
In response to Gaurav_Pandya
Jump to solution

Can someone please post what the settings should be or a link to the documentation for a Check Point site-to-site VPN between a on-prem cluster to a single to Azure GW? I have have a TAC case open and even they are having trouble. We use Smart-1 to manage both GW's and I suspect that may be causing the issue.

0 Kudos
fllangari
Explorer
Explorer
‎2022-09-22 05:34 PM
In response to John_Richards
Jump to solution

Hi John

Do you were successful in being able to create the vpn between the 2 checkpoint fw, managed by the same management.?

In one case, with TAC apply the sk21156, where disable the CRL.

Best regards

0 Kudos
John_Richards
Contributor
‎2022-09-23 08:32 AM
In response to fllangari
Jump to solution

I believe it came down to the settings in the topology for the MAAS tunnel on the GW. Once we corrected the topo the tunnel worked.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top