![]() ![]() This should help customers identify what they have on Azure against what they need to configure on the Check Point device." "The subnet-to-subnet is what Azure calls "policy-based VPN" and gateway-to-gateway is what Azure calls "route-based VPN". Reading sk101275 brings more confusion - as it mentions. So if I turn on "One VPN Tunnel per Gateway Pair" do I need to convert the tunnel to a route based VPN? ![]() my understanding of "One VPN Tunnel per Gateway Pair" is to simply to have one IPSEC SA between the gateways, and I am assuming Azure has a similar setting? Or am I reading this incorrectly. I am thinking there is a mis-interpretation between Checkpoint and Azure definition of "gateway-to-gateway". which utilises VTI, which VSX doesn't support. their interpretation was convert the tunnel to route based VPN. when I mentioned to the Azure engineer Changing Azure peer to "gateway-to-gateway". Make sure all the settings match with sk101275 on both sides. Please select "One VPN Tunnel per Gateway Pair" and on remote side mention "gateway-to-gateway" and push policy again and reset the tunnel again. ![]() UpdateEspSA: Invalid chosen proposal ((nil)) or order (0xaf8a2c8)." "ikeChildSAExchange_i::updateSA: entering. īy checking debugs i can see some errors Checkpoint is sending "deletes" because of SAs mismatch, Our VSX is still on 80.40.Īfter this our policy based VPN tunnel into Azure has become unstable, raising it with Checkpoint TAC they came back with. ![]() We upgraded our SMS from a 3050 to 6000L and migrated to R81. Currently we have a VSX which has a VPN into Azure. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |