Edu_Amores
Explorer

Issue configuring VPN with VTI between Checkpoint and Azure

Hello,

I am trying to get a VPN tunnel working between a Checkpoint Firewall (R80.10 Take 259) and Azure, but I am getting the following error:

 

Notify Payload

Critical: No
Length: 40
Next payload: Notify
Protocol: 0
Type: Quick Crash Detection Token
ndata: 1c 61 db 62 ad 9a 5b 98 3f 64 1b d1 c8 69 a2 b0 6f 0d c5 79 79 94 6c 15 02 3b 6a 16 df 1f be 43
spisize: 0

 

And then:

 

Notify Payload

Critical: No
Length: 8
Next payload: None
Protocol: IKE
Type: Invalid IKE SPI
spisize: 0

 

It is weird because the Phase 1 and Phase 2 negotiations look OK at the beginning, but then I start to receive these messages and the tunnel does not get established.

My config parameters:

https://community.checkpoint.com/t5/Remote-Access-Solutions/Azure-Site-to-Site-VPn-fail/td-p/16102

I have tried to modify the timers following some Azure and Checkpoint documentation, but without success. Any idea about what could be happening? Thank you very much. Best Regards.

 

 

0 Kudos
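As an added example (not code from this thread or from Check Point), the following Python parses the IKEv2 Notify payload layout of RFC 7296 section 3.10 and reproduces the two records dumped in the post above: Length 40 is the 8-byte header plus the 32-byte token, and Length 8 is a bare header. The function names are hypothetical, and treating both payloads as one chained message is an assumption drawn from their Next payload fields.

```python
import struct

# Payload and notify type numbers from RFC 7296 and RFC 6290.
PAYLOAD_NONE, PAYLOAD_NOTIFY = 0, 41
PROTOCOLS = {1: "IKE", 2: "AH", 3: "ESP"}
NOTIFY_TYPES = {4: "INVALID_IKE_SPI", 16419: "QUICK_CRASH_DETECTION"}

# The 32-byte token printed as "ndata" in the post.
QCD_TOKEN = bytes.fromhex("1c61db62ad9a5b983f641bd1c869a2b0"
                          "6f0dc57979946c15023b6a16df1fbe43")


def build_notify(next_payload, protocol_id, notify_type, spi=b"", data=b""):
    """Encode one Notify payload (RFC 7296, section 3.10)."""
    length = 8 + len(spi) + len(data)
    return struct.pack("!BBHBBH", next_payload, 0, length, protocol_id,
                       len(spi), notify_type) + spi + data


def parse_notify_chain(buf, first_payload=PAYLOAD_NOTIFY):
    """Walk a chain of Notify payloads, validating every length field."""
    out, offset, current = [], 0, first_payload
    while current != PAYLOAD_NONE:
        if current != PAYLOAD_NOTIFY:
            raise ValueError(f"unexpected payload type {current}")
        if len(buf) - offset < 8:
            raise ValueError("truncated Notify header")
        nxt, flags, length, proto, spi_size, ntype = struct.unpack_from(
            "!BBHBBH", buf, offset)
        if length < 8 + spi_size or offset + length > len(buf):
            raise ValueError("bad Notify length")
        body = buf[offset + 8:offset + length]
        out.append({
            "critical": bool(flags & 0x80),
            "length": length,
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "type": NOTIFY_TYPES.get(ntype, str(ntype)),
            "error": ntype < 16384,  # below 16384 is an error, else status
            "spisize": spi_size,
            "ndata": body[spi_size:],
        })
        offset, current = offset + length, nxt
    return out


# Constructed sample: both payloads from the post, assumed to be one chain.
SAMPLE = (build_notify(PAYLOAD_NOTIFY, 0, 16419, data=QCD_TOKEN)
          + build_notify(PAYLOAD_NONE, 1, 4))
```

Calling `parse_notify_chain(SAMPLE)` returns two records whose fields match the dump; the `error` flag separates the status-class token notification from the error-class Invalid IKE SPI.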
4 Replies
PhoneBoy
Admin

You'll probably need to debug what's happening.
General debugging information for VPNs is here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Trevor_Bruss
Contributor

You ever get a resolution on this? We're seeing this same kind of error frequently with a Palo Alto peer on the other end of our tunnel. Just curious.

0 Kudos
Wytoo
Explorer

Would also be interested in the solution. Got the same issue here as well with a Cisco device on the other end.

0 Kudos
CIBC_Firewall_O
Explorer

Anybody who had this with ASA and resolved it? Same issue here, R80.40.
Worth pointing out it's IKEv2.

0 Kudos