Azure Site-to-Site VPN fail

Hi,

I have been trying to establish the IPsec VPN with the Azure site. I followed sk101275 for this but was not able to establish the VPN. Has anybody successfully done it? It would be great if the configuration could be shared.

Regards,

Sagar Manandhar

1 Solution

Accepted Solutions

Re: Azure Site-to-Site VPN fail

Change MTU of interface: 1350 (1500 default)
Encryption Method: IKEv2 only
Custom Encryption suite:

IKE Security Association (Phase 1)
- Encryption Algorithm: AES-256
- Data Integrity: SHA1
- Diffie-Hellman group: Group 2 (1024 bit)

IKE Security Association (Phase 2)
- Encryption Algorithm: AES-256
- Data Integrity: SHA1

VPN Tunnel Sharing
- Select One VPN Tunnel per Gateway Pair

IKE (Phase 1)
- Renegotiate IKE security associations every (min): 480

IPsec (Phase 2)
- Renegotiate IPsec security associations every (sec): 27000

8 Replies
Admin

Re: Azure Site-to-Site VPN fail

I'd start with basic troubleshooting, as described here: VPN Site-to-Site with 3rd party 

Note that most of this is generic to "third parties" (i.e. not a Check Point gateway you control) and should also apply to Azure.

Re: Azure Site-to-Site VPN fail

Hi,

We have finally configured the VPN. We got to know that the parameter given in the Check Point doc for Azure VPN is outdated, and we have replaced it with the new parameter given by the Azure team, and now it's working fine.

0 Kudos
Admin

Re: Azure Site-to-Site VPN fail

So that we can update our docs, can you share what the incorrect parameters are and what we should replace them with?

0 Kudos

Employee

Re: Azure Site-to-Site VPN fail

Sagar Manandhar, can you please elaborate on what was incorrect in the SK that caused the VPN not to work, so we will update the SK? I see different SA lifetimes; that should not cause an issue establishing the tunnel. Of course the SK should still be updated, but I wonder if there are some other parameters to be fixed.
Thank you in advance!

0 Kudos
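
The distinction raised in the replies above (mismatched encryption parameters versus differing SA lifetimes) can be checked offline before changing either gateway. This is an added example, not code from the thread, Check Point or Azure: it models IKEv2 responder-side proposal selection using the values from the accepted solution, and the peer policies, function names and dictionary keys are constructed assumptions.

```python
# Added example, not from the thread. Values in LOCAL_* are the ones posted in
# the accepted solution; every PEER_* policy is constructed for illustration
# and is not Azure's documented policy.

LOCAL_P1 = [{"ENCR": ["AES-256"], "INTEG": ["SHA1"], "DH": [2]}]
LOCAL_P2 = [{"ENCR": ["AES-256"], "INTEG": ["SHA1"]}]
LOCAL_LIFETIMES_S = {"phase1": 480 * 60, "phase2": 27000}  # 480 min, 27000 s

PEER_OK_P1 = {"ENCR": ["AES-256", "AES-128"], "INTEG": ["SHA256", "SHA1"],
              "DH": [14, 2]}
PEER_STRICT_P1 = {"ENCR": ["AES-256"], "INTEG": ["SHA256"], "DH": [14]}
PEER_P2 = {"ENCR": ["AES-256"], "INTEG": ["SHA1"]}
PEER_LIFETIMES_S = {"phase1": 28800, "phase2": 3600}


def select_proposal(offered, policy):
    """Responder side: return the first offered proposal in which every
    transform type has a value the policy accepts, else None
    (the responder would answer NO_PROPOSAL_CHOSEN)."""
    for proposal in offered:
        chosen = {}
        for ttype, values in proposal.items():
            accepted = [v for v in values if v in policy.get(ttype, [])]
            if not accepted:
                break  # this proposal cannot be used; try the next one
            chosen[ttype] = accepted[0]
        else:
            return chosen
    return None


def lifetime_differences(local, peer):
    """IKEv2 (RFC 7296, section 2.8) does not negotiate SA lifetimes; each end
    enforces its own. Differences are reported but never block the tunnel."""
    return {k: (local[k], peer[k]) for k in local if local[k] != peer[k]}


if __name__ == "__main__":
    print("phase 1 vs permissive peer:", select_proposal(LOCAL_P1, PEER_OK_P1))
    print("phase 1 vs strict peer:    ", select_proposal(LOCAL_P1, PEER_STRICT_P1))
    print("phase 2:                   ", select_proposal(LOCAL_P2, PEER_P2))
    print("lifetime differences (informational):",
          lifetime_differences(LOCAL_LIFETIMES_S, PEER_LIFETIMES_S))
```
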
Amir_Rehman
Nickel

Re: Azure Site-to-Site VPN fail

Did anyone figure out what parameters are outdated?

0 Kudos

Re: Azure Site-to-Site VPN fail

It worked for me!

Thanks dude

0 Kudos

Re: Azure Site-to-Site VPN fail

We have also successfully established a tunnel from a Check Point gateway to AWS, but it sometimes disconnects the connection and we have to reset the tunnel every time to establish flow again.

0 Kudos