Hello everyone,

I have been trying to setup a VPN between a Checkpoint R80.30 Cluster and Azure Virtual Network Gateway following sk101275 .

I am trying with a very standard IKEv1 Policy Based IPsec tunnel.

Private subnets behind Azure (10.10.0.0/21 and 10.20.0.0/21)

Private subnets behind Azure (172.30.0.0/24, 172.30.102.0/24, 172.30.24.0/24 etc.) (around 30 subnets)

I have specified the exact remote subnets for each side.

Made sure Phase1 and Phase2 parameters match.

The VPN seems to get established immediately. The Azure side shows as Connected and Checkpoint sees the Tunnel state as up. On checkpoint I run "vpn tu" and can see Phase1 and Phase2 SAs established.

I have a security policy allowing the traffic between the subnets.

Problem is we can't pass traffic.

When I try sending ICMP from a IP behind the checkpoint 172.30.0.51 to 10.10.2.4 I get a Reject log with the following info:

Reject Category: IKE Failure

VPN Failure: IKE

Encryption failure: Error occurred

Also I believe after a few minutes the tunnel flaps and gets re-established. I noticed that twice in around 20min.

When I filter for the IP I am trying to ping.

https://imgur.com/ZEllznb

https://imgur.com/G3BBDrn

When I filter for remote peer public IP

https://imgur.com/ScejoTZ

https://imgur.com/SFjgwRD

I can provide more information if needed.

Thanks!