This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Edu_Amores
Explorer
‎2020-03-25 02:35 PM

Issue configuring VPN with VTI between Checkpoint and Azure

Hello,

I am trying to make work a VPN tunnel between a Checkpoint Firewall (R80.10 Tale 259) and Azure but I am getting the following error:

 

Notify Payload

Critical: No
Length: 40
Next payload: Notify
Protocol: 0
Type: Quick Crash Detection Token
ndata: 1c 61 db 62 ad 9a 5b 98 3f 64 1b d1 c8 69 a2 b0 6f 0d c5 79 79 94 6c 15 02 3b 6a 16 df 1f be 43
spisize: 0

 

And then:

 

Notify Payload

Critical: No
Length: 8
Next payload: None
Protocol: IKE
Type: Invalid IKE SPI
spisize: 0

 

It is weird because Phase 1 and Phase 2 negotiate look ok at the begin but then I start to receive these messages and the tunnel does not get established. 

My config parameters:

https://community.checkpoint.com/t5/Remote-Access-Solutions/Azure-Site-to-Site-VPn-fail/td-p/16102

I have tried to modify the timers following some Azure and Checkpoint documentation but without success. Adny idea about what coould be happening? Thank you very much. Best Regards.

 

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2020-03-27 04:23 PM

You'll probably need to debug what's happening.
General debugging information for VPNs are here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Trevor_Bruss
Contributor
‎2021-03-05 04:35 PM

You ever get a resolution on this? We're seeing this same kind of error frequently with a Palo Alto peer on the other end of our tunnel. Just curious.

0 Kudos
Wytoo
Participant
Participant
‎2023-12-15 02:47 AM
In response to Trevor_Bruss

Would also be interested in the solution. Got the same issue here as well with a cisco device on the other end.

0 Kudos
CIBC_Firewall_O
Explorer
‎2024-03-27 04:49 PM
In response to Wytoo

 Anybody who had this with ASA and resolved it ? Same issue here R80.40.
worth pointing its IKEv2

0 Kudos
Warhorse90
Explorer
‎2024-05-12 06:00 PM

I'm getting the same thing with R80.40 <> Azure Cloud VPN, has anyone found a solution to this? The SK listed above has also been deleted.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top