This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Sagar_Manandhar
Advisor
‎2017-12-03 08:58 PM

Azure Site-to-Site VPn fail

Jump to solution

Hi,

I have been trying to establish the IP sec vpn with Azure site. I have followed the sk101275 for the same but was not able to establish the VPN. Does anybody  successfully done it and it would be great if the configuration can be shared.

Regards,

Sagar Manandhar

Reply
1 Solution

Accepted Solutions
Sagar_Manandhar
Advisor
‎2018-01-22 10:50 PM
In response to PhoneBoy

Jump to solution

Change MTU of interface: 1350 (1500 default)
Encryption Method: IKEv2 only
Custom Encryption suite:
IKE Security Association (Phase 1)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1
-Diffie-Hellman group : Group 2 (1024bit)

IKE Security Association (Phase 2)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1


VPN Tunnel Sharing
-Select One VPN Tunnel per Gateway Pair

IKE(phase1)
-Renegotiate IKE security associations every (min): 480
IPsec(phase2)
-Renegotiate IPsec security associations every(sec):27000

View solution in original post

Reply
8 Replies
PhoneBoy
Admin
Admin
‎2017-12-04 09:55 PM

Jump to solution

I'd start with basic troubleshooting, as described here: VPN Site-to-Site with 3rd party 

Note that most of this is generic to "third parties" (i.e. not a Check Point gateway you control) and should also apply to Azure.

Reply
Sagar_Manandhar
Advisor
‎2018-01-22 08:14 PM

Jump to solution

hi,

we have finally configure the VPN. we got to know that the parameter given in the checkpoint doc for Azure VPN is outdated and we have replace it with the new parameter given by the azure team and now its working fine

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2018-01-22 10:04 PM
In response to Sagar_Manandhar

Jump to solution

So that we can update our docs, can you share what the incorrect parameters are and what we should replace them with?

0 Kudos
Reply
Sagar_Manandhar
Advisor
‎2018-01-22 10:50 PM
In response to PhoneBoy

Jump to solution

Change MTU of interface: 1350 (1500 default)
Encryption Method: IKEv2 only
Custom Encryption suite:
IKE Security Association (Phase 1)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1
-Diffie-Hellman group : Group 2 (1024bit)

IKE Security Association (Phase 2)
-Encryption Algorithm: AES-256
-Data Integrity: SHA1


VPN Tunnel Sharing
-Select One VPN Tunnel per Gateway Pair

IKE(phase1)
-Renegotiate IKE security associations every (min): 480
IPsec(phase2)
-Renegotiate IPsec security associations every(sec):27000

View solution in original post

Reply
Igor_Roytman
Employee Alumnus
Employee Alumnus
‎2018-08-06 01:09 AM
In response to Sagar_Manandhar

Jump to solution

Sagar Manandhar‌ can you please elaborate what was incorrect in the SK that caused VPN not work, so we will update the SK? I see different SA lifetimes, it should not cause issue to establish the tunnel.. Of course still SK should be updated, but I wonder if there are some other parameters to be fixed..
Thank you in advance!

0 Kudos
Reply
Amir_Rehman
Contributor
‎2019-04-03 12:15 PM
In response to Igor_Roytman

Jump to solution

Did you anyone figure out what parameters are outdated ?

0 Kudos
Reply
Henrique_Sauer_
Contributor
‎2019-10-13 07:41 AM
In response to Sagar_Manandhar

Jump to solution

It worked for me!

Thanks dude

0 Kudos
Reply
Gaurav_Pandya
Advisor
‎2019-04-04 03:44 AM

Jump to solution

We have also established tunnel checkpoint gateway to AWS successfully but it sometimes disconnect the connection and we have to reset the tunnel every time to establish flow again.

0 Kudos
Reply