Hi Experts ,
Does any one have config guide for Ipsec VPN config between Azure and my cluster gateway.
My requirement is to establish tunnel between CP Cluster gateway to Azure .
Please try sk101275: How to setup Site-to-Site VPN between Microsoft Azure and an on premise Check Point Security Gateway.
Azure is the gateway based ,so in Selected gateway option need select peer gateway or Local gateway (public IP)
And in do need to any changes in Left hand side corner option "gateway"
Hi all ,
I have configured vpn community , for azure site to site vpn ,
But still have some issue , that from smart log once preshared key installed( key symbol ) getting rejected catogery in logs with mention IKE failure .
Not able to bring up tunnel .
And one more thing tried with permenant tunnel .
In azure they include Sadatasizekilobytes =102400000 kb for their ipsec profile,Do it's cause any issue ?For this failure .
Remaining encryption details configured same on both side.
Can any one have idea on this ???
I can only point to this: sk101275 How to setup Site-to-Site VPN between Microsoft Azure and an on premise Check Point Security Gateway ! Permanent tunnel is a CP feature only - with 3rd party, establish a client at one site that pings a client on the other side every now and then...
When you do a VPN / IKE Debug you should see which stage fails and why - if you can not explain the behaviour i would ask TAC for help.
Thanks Gunther for your kind support, This one solved.
While monitoring the tunnel after brought it up ..It was broken not frequently only one time recently .After resetting remote site end it came up .Is there any ways to troubleshoot further .
You can analyze the logs to find the reason that the VPN went down (on both sides).
Is there some information how to do Site to Site VPN connection to Azure with the SMB appliances. On the Microsoft site (About VPN devices for cross-premises Azure connections | Microsoft Docs ) I can read that the Minimum OS version for checkpoint is R77.30 on SMB appliances the latest version is R77.20.81. When I try to do VPN connection with R77.30 OS version (on 4600 appliances) the VPN work without any problem. Then I try with SMB appliances 1430 with the latest firmware/OS version R77.20.81 the VPN not work (with the same setting that I have for 4600 appliances).I would like to use RouteBased VPN connection with Azure.
When I try to do the VPN connection I can see that the Phase1 is up, but not Phase2. When I try to do the VPN debug I can not see anything in the ike.elg file. I check the ikev2.nmll file but looks like that I don't know how to read the file (ikeviewer).
Best regards, Peter
I would suggest to involve TAC and later post the results here!
Retrieving data ...