
Issue configuring VPN with VTI between Checkpoint and Azure


I am trying to get a VPN tunnel working between a Checkpoint Firewall (R80.10 Take 259) and Azure, but I am getting the following error:


Notify Payload

Critical: No
Length: 40
Next payload: Notify
Protocol: 0
Type: Quick Crash Detection Token
ndata: 1c 61 db 62 ad 9a 5b 98 3f 64 1b d1 c8 69 a2 b0 6f 0d c5 79 79 94 6c 15 02 3b 6a 16 df 1f be 43
spisize: 0


And then:


Notify Payload

Critical: No
Length: 8
Next payload: None
Protocol: IKE
Type: Invalid IKE SPI
spisize: 0


It is weird because the Phase 1 and Phase 2 negotiations look OK at the beginning, but then I start to receive these messages and the tunnel does not get established.

My config parameters:

I have tried to modify the timers following some Azure and Checkpoint documentation, but without success. Any idea about what could be happening? Thank you very much. Best regards.



0 Kudos
2 Replies

You'll probably need to debug what's happening.
General debugging information for VPNs is here:
0 Kudos

You ever get a resolution on this? We're seeing this same kind of error frequently with a Palo Alto peer on the other end of our tunnel. Just curious.

0 Kudos