cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1141
Views
45
Helpful
3
Replies

Cisco ASa 5516-X VPN with Azure

m.petrov1
Level 1
Level 1

Hi, now I am trying to build a S-2-S VPN tunnel between my cisco asa 5516-x and Azure VPN.
The problem is that IPSEC needs settings:
Encryption: GCMAES256
Integrity: GCMAES256
At Cisco, when I chose encryption: GCMAES256, then automatic Integrity value is null.

In Azure do I need to change the setting = null or somewhere in my ASA?

1 Accepted Solution

Accepted Solutions

@m.petrov1 each vendor is different, null on cisco devices but from Azure docs....

 

"If GCMAES is used as for IPsec Encryption algorithm, you must select the same GCMAES algorithm and key length for IPsec Integrity; for example, using GCMAES128 for both"


https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell

 

 

View solution in original post

3 Replies 3

@m.petrov1 with AES-GCM you do not need to specify an integrity algorithm, as the integrity function is built in with GCM. That is why integrity is null on cisco devices.

m.petrov1
Level 1
Level 1

Thanks, my question is does it have to be a = null value for Azure to work.

@m.petrov1 each vendor is different, null on cisco devices but from Azure docs....

 

"If GCMAES is used as for IPsec Encryption algorithm, you must select the same GCMAES algorithm and key length for IPsec Integrity; for example, using GCMAES128 for both"


https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell