02-25-2022 02:02 AM
Hi, I am now trying to build an S-2-S VPN tunnel between my Cisco ASA 5516-X and Azure VPN.
The problem is that IPsec needs these settings:
Encryption: GCMAES256
Integrity: GCMAES256
On the Cisco, when I choose encryption GCMAES256, the Integrity value is automatically null.
Do I need to change the setting to null in Azure, or somewhere in my ASA?
02-25-2022 02:04 AM
@m.petrov1 with AES-GCM you do not need to specify an integrity algorithm, as the integrity function is built in with GCM. That is why integrity is null on Cisco devices.
02-25-2022 02:13 AM
Thanks, my question is: does it have to be a null value for Azure to work?
02-25-2022 02:16 AM
@m.petrov1 each vendor is different, null on Cisco devices but from Azure docs...
"If GCMAES is used as for IPsec Encryption algorithm, you must select the same GCMAES algorithm and key length for IPsec Integrity; for example, using GCMAES128 for both"
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell
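
The naming difference discussed in this thread, as an added example that is not part of the original posts or either vendor's tooling: a small pre-deployment check that reduces an Azure IPsec policy and an ASA IPsec proposal to the same canonical ESP transform and compares them. The function names and the short keyword tables are assumptions made for illustration and cover only a few algorithms.

```python
# Added example; function names are hypothetical. Canonical ESP transform is
# (cipher, key_bits, separate_integrity), with None for an AEAD cipher.
AZURE_ENC = {"GCMAES128": ("aes-gcm", 128), "GCMAES192": ("aes-gcm", 192),
             "GCMAES256": ("aes-gcm", 256), "AES256": ("aes-cbc", 256)}
AZURE_INT = {"SHA256": "hmac-sha256", "SHA1": "hmac-sha1"}

ASA_ENC = {"aes-gcm": ("aes-gcm", 128), "aes-gcm-192": ("aes-gcm", 192),
           "aes-gcm-256": ("aes-gcm", 256), "aes-256": ("aes-cbc", 256)}
ASA_INT = {"sha-256": "hmac-sha256", "sha-1": "hmac-sha1"}


def azure_transform(enc, integ):
    """Normalize an Azure (IpsecEncryption, IpsecIntegrity) pair."""
    cipher, bits = AZURE_ENC[enc]
    if cipher == "aes-gcm":
        # Azure rule quoted in the thread: integrity repeats the GCM algorithm.
        if integ != enc:
            raise ValueError(f"Azure: integrity must be {enc}, got {integ}")
        return (cipher, bits, None)
    if integ not in AZURE_INT:
        raise ValueError(f"Azure: {integ} is not valid with {enc}")
    return (cipher, bits, AZURE_INT[integ])


def asa_transform(enc, integ):
    """Normalize an ASA (esp encryption, esp integrity) pair."""
    cipher, bits = ASA_ENC[enc]
    if cipher == "aes-gcm":
        # ASA behaviour described in the thread: integrity is null with AES-GCM.
        if integ != "null":
            raise ValueError(f"ASA: integrity must be null with {enc}, got {integ}")
        return (cipher, bits, None)
    if integ not in ASA_INT:
        raise ValueError(f"ASA: {integ} is not valid with {enc}")
    return (cipher, bits, ASA_INT[integ])


def phase2_matches(azure, asa):
    """True when both sides describe the same ESP transform."""
    return azure_transform(*azure) == asa_transform(*asa)


if __name__ == "__main__":
    # The pairing from the thread: different labels, same transform.
    print(phase2_matches(("GCMAES256", "GCMAES256"), ("aes-gcm-256", "null")))
    # Key-length mismatch between the two sides.
    print(phase2_matches(("GCMAES128", "GCMAES128"), ("aes-gcm-256", "null")))
```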