Skip to content

Commit 6aa8305

Browse files
PRMerger20PRMerger20
authored
Merge pull request #97189 from damendo/patch-1
Updating parameters
2 parents eed89b5 + 0815265 commit 6aa8305

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

articles/network-watcher/network-watcher-diagnose-on-premises-connectivity.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ You want to configure a site-to-site connection between Azure and on-premises us
3838

3939
Detailed step by step guidance for configuring a Site-to-Site configuration can be found by visiting: [Create a VNet with a Site-to-Site connection using the Azure portal](../vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal.md).
4040

41-
One of the critical configuration steps is configuring the IPsec communication parameters, any misconfiguration leads to loss of connectivity between the on-premises network and Azure. Currently Azure VPN Gateways are configured to support the following IPsec parameters for Phase 1. Note, as mentioned earlier these settings cannot be modified. As you can see in the table below, the encryption algorithms supported by Azure VPN Gateway are AES256, AES128, and 3DES.
41+
One of the critical configuration steps is configuring the IPsec communication parameters, any misconfiguration leads to loss of connectivity between the on-premises network and Azure. Currently Azure VPN Gateways are configured to support the following IPsec parameters for Phase 1. As you can see in the table below, the encryption algorithms supported by Azure VPN Gateway are AES256, AES128, and 3DES.
4242

4343
### IKE phase 1 setup
4444

@@ -49,7 +49,7 @@ One of the critical configuration steps is configuring the IPsec communication p
4949
| Authentication Method |Pre-Shared Key |Pre-Shared Key |
5050
| Encryption Algorithms |AES256 AES128 3DES |AES256 3DES |
5151
| Hashing Algorithm |SHA1(SHA128) |SHA1(SHA128), SHA2(SHA256) |
52-
| Phase 1 Security Association (SA) Lifetime (Time) |28,800 seconds |10,800 seconds |
52+
| Phase 1 Security Association (SA) Lifetime (Time) |28,800 seconds |28,800 seconds |
5353

5454
As a user, you would be required to configure your FortiGate, a sample configuration can be found on [GitHub](https://github.com/Azure/Azure-vpn-config-samples/blob/master/Fortinet/Current/fortigate_show%20full-configuration.txt). Unknowingly you configured your FortiGate to use SHA-512 as the hashing algorithm. As this algorithm is not a supported algorithm for policy-based connections, your VPN connection does work.
5555

0 commit comments

Comments
 (0)