I've just set up a VPN for our customer and we are getting failures. The endpoint gateways should be using SHA1, but Microsoft are trying to communicate with SHA2 on Phase-1.
set security ike proposal azure-proposal authentication-method pre-shared-keys
set security ike proposal azure-proposal authentication-algorithm sha1
set security ike proposal azure-proposal encryption-algorithm aes-256-cbc
set security ike proposal azure-proposal lifetime-seconds 28800
set security ike proposal azure-proposal dh-group group2
set security ike policy azure-policy mode main
I found the log on the firewall endpoint showing that it is receiving SHA2-256:
2016-05-09 17:05:35 iked (ONPREMIP<->AZUREIP)IKE phase-1 negotiation from ONPREMIP:500 to AZUREIP:500 failed. Gateway-Endpoint='AZUREVPN' Reason=Received hash SHA2-256, expecting SHA1 id="0203-0005" | Debug |
I've double-checked that the firewall settings match the cfg files.
infologic telecom
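An added example, not part of the original post: a small Python check that reads the iked failure line and the `set security ike proposal` lines quoted above and reports which proposal field disagrees and which local proposal already matches the value the gateway expected. The function names, the field mapping and the `sha-256` spelling handled in `norm` are assumptions of this example; the sample input is copied from the post.

```python
import re

# Sample input copied from the post (addresses are the post's own placeholders).
CONFIG = """\
set security ike proposal azure-proposal authentication-method pre-shared-keys
set security ike proposal azure-proposal authentication-algorithm sha1
set security ike proposal azure-proposal encryption-algorithm aes-256-cbc
set security ike proposal azure-proposal lifetime-seconds 28800
set security ike proposal azure-proposal dh-group group2
"""
LOG = ("2016-05-09 17:05:35 iked (ONPREMIP<->AZUREIP)IKE phase-1 negotiation from "
       "ONPREMIP:500 to AZUREIP:500 failed. Gateway-Endpoint='AZUREVPN' "
       "Reason=Received hash SHA2-256, expecting SHA1 id=\"0203-0005\" | Debug |")

SET_RE = re.compile(r"^set security ike proposal (\S+) (\S+) (\S+)\s*$")
FAIL_RE = re.compile(
    r"IKE phase-1 negotiation from (\S+) to (\S+) failed\. "
    r"Gateway-Endpoint='([^']*)' Reason=Received (\w+) (\S+), expecting (\S+)")
# Logged attribute kind -> proposal field (assumption; only 'hash' appears in the post).
FIELD = {"hash": "authentication-algorithm"}

def norm(name):
    """Fold log and config spellings together: SHA2-256 / sha-256 -> sha256."""
    n = name.lower()
    m = re.fullmatch(r"sha2?-(\d{3})", n)
    return "sha" + m.group(1) if m else n.replace("-", "")

def parse_proposals(text):
    """Return {proposal_name: {field: value}} from 'set' style lines."""
    props = {}
    for line in text.splitlines():
        m = SET_RE.match(line.strip())
        if m:
            props.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return props

def diagnose(log_line, proposals):
    """Summarise a phase-1 mismatch line, or return None if it is not one."""
    m = FAIL_RE.search(log_line)
    if not m:
        return None
    src, dst, gateway, kind, received, expected = m.groups()
    field = FIELD.get(kind)
    matching = sorted(p for p, v in proposals.items()
                      if field and norm(v.get(field, "")) == norm(expected))
    return {"gateway": gateway, "from": src, "to": dst, "field": field,
            "received": norm(received), "expected": norm(expected),
            "proposals_matching_expected": matching}
```

If `proposals_matching_expected` lists the proposal, the running configuration agrees with the cfg file and the differing value is the one received in the negotiation, so the remaining things to compare are the algorithm set on the other side of the tunnel and which proposal the IKE policy for that gateway actually references.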