Azure vpn



larsdemo
2014-07-24, 03:50
I am wondering if there is someone who successfully created a site-to-site VPN with a UTM-1 Edge and Azure cloud.

mcnallym
2014-07-24, 07:37
I haven't created one with an Edge Device but have created a VPN to Azure from a regular Check Point Gateway.

Provided you specify a Static VPN and a Virtual Network at Azure, I don't see why there would be a problem with an Edge Device.

PhoneBoy
2014-07-24, 09:18
Covered in sk101275 (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101275).

larsdemo
2014-07-25, 04:38
I have seen the SK and I know it sounds strange, but I get an error.

I have built the setup several times, and tried all settings...

Failed to establish VPN tunnel with payload malformed - possibly a mismatch in pre-shared keys <phase1 stage5>

I am 100% sure the key is not the problem.

The first error I got was

Connecting from ip x.x.x.x with user failed reason: l2tp server is disabled

After enabling the L2TP server on the Edge firewall this error disappears and the
Failed to establish VPN tunnel with payload malformed - possibly a mismatch in pre-shared keys <phase1 stage5>
error starts popping up...

larsdemo
2014-07-25, 09:33
Just rebuilt the whole thing and used a Safe@Office on another internet connection.
Exactly the same errors....

larsdemo
2014-07-25, 09:54
According to a post I found on another forum, you need a respond-only gateway and probing of the pre-shared key...
I don't have any idea if this Edge supports this?


*Hi, Astaro support was able to get things up and running for me. The trick is to use a respond only gateway to Azure, and the policies need to match the following:

Gateway:
Gateway type: response only

IKE encryption: AES 128
IKE authentication: SHA1
IKE SA: 28800
IKE DH: Group 2: MODP 1024

IPSec encryption: AES 128
IPSec authentication: SHA1
IPSec SA: 28800
IPSec PFS: None

You will also need to enable probing of preshared keys on the advanced tab.

Hopefully this helps someone else. *