02-25-2022 02:02 AM
Hi, I am now trying to build an S-2-S VPN tunnel between my Cisco ASA 5516-X and Azure VPN.
The problem is that IPsec needs these settings:
Encryption: GCMAES256
Integrity: GCMAES256
On the Cisco, when I choose encryption GCMAES256, the Integrity value is automatically null.
Do I need to change the setting to null in Azure, or change something on my ASA?
02-25-2022 02:04 AM
@m.petrov1 with AES-GCM you do not need to specify an integrity algorithm, as the integrity function is built in with GCM. That is why integrity is null on Cisco devices.
02-25-2022 02:13 AM
Thanks, my question is: does it have to be a null value for Azure to work?
02-25-2022 02:16 AM
@m.petrov1 each vendor is different, null on Cisco devices, but from the Azure docs...
"If GCMAES is used as for IPsec Encryption algorithm, you must select the same GCMAES algorithm and key length for IPsec Integrity; for example, using GCMAES128 for both"
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell
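
The two sides of the setting discussed in this thread, as an added example that is not part of any poster's reply: Azure expresses AES-GCM by naming GCMAES256 for both IPsec encryption and integrity, while the ASA expresses the same ESP transform as `aes-gcm-256` with integrity `null`. Resource names are placeholders, and the IKE (phase 1), PFS and lifetime values are assumptions to be matched to your own ASA policy.

```powershell
# Added example. Resource names are placeholders; IKE (phase 1), PFS and
# SA lifetime values are assumptions and must match the ASA's IKEv2 policy.
$rg       = '<resource-group>'
$connName = '<connection-name>'

# Azure side: with GCMAES for IPsec encryption, IPsec integrity must be the
# same GCMAES algorithm and key length (per the Azure doc quoted above).
$policy = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup14 `
    -IpsecEncryption GCMAES256 -IpsecIntegrity GCMAES256 -PfsGroup None `
    -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

# Attach the custom policy to the existing site-to-site connection.
$conn = Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg
Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $conn `
    -IpsecPolicies $policy

# Read the policy back to confirm what the gateway will propose.
(Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg).IpsecPolicies |
    Format-List IpsecEncryption, IpsecIntegrity, PfsGroup

# ASA side (IKEv2 IPsec proposal; the name AZURE-GCM256 is hypothetical).
# GCM authenticates the ESP payload itself, so integrity stays null here:
#   crypto ipsec ikev2 ipsec-proposal AZURE-GCM256
#    protocol esp encryption aes-gcm-256
#    protocol esp integrity null
```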