Using SHA1 for ipsec integrity for a VPN gateway point-to-site connection

kok boon 20 Reputation points
2023-10-17T02:55:51.38+00:00

As referred from this page: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

The combination of AES256/SHA1/NONE is valid, but when trying to set the policy using

New-AzVpnClientIpsecParameter -IkeEncryption AES256 -IkeIntegrity SHA1 -DhGroup DHGroup24 -IpsecEncryption AES256 -IpsecIntegrity SHA1 -PfsGroup PFS24

got an error:

New-AzVpnClientIpsecParameter: Cannot validate argument on parameter 'IpsecIntegrity'. The argument "SHA1" does not belong to the set "GCMAES256,GCMAES128,SHA256" specified by the ValidateSet attribute.

Azure VPN Gateway

Accepted answer
  1. KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator
    2023-10-25T05:54:14.93+00:00

    @kok boon

    I checked this behavior internally and our Product Team confirmed that the supported "-IpsecIntegrity" values are GCMAES256, GCMAES128, SHA256 only.

    The values listed in "What IKE/IPsec policies are configured on VPN gateways for P2S?" are the default values and are not available for a custom policy.

    You can refer to the supported values for any parameter in the "Accepted values" section of New-AzVpnClientIpsecParameter for a custom policy.

    I have created a work item to update the document, highlighting the above.

    Thanks,

    Kapil


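The following is an added example, not code from the question, the answer or Microsoft's documentation. It reads the ValidateSet on each cipher and integrity parameter of New-AzVpnClientIpsecParameter at run time, so a script learns the accepted values before binding them instead of failing with the parameter-validation error shown above, and then builds the policy with SHA256 in place of SHA1 (the stronger choice in any case). It assumes the Az.Network module is installed and an Azure session exists; the resource group and gateway names are placeholders.

```powershell
# Added example (not from the question or answer). Assumes the Az.Network module
# is installed and you are signed in (Connect-AzAccount); resource names are placeholders.
Import-Module Az.Network

# Return the ValidateSet values declared on one parameter of a cmdlet.
function Get-AcceptedValues {
    param([string]$CmdletName, [string]$ParameterName)
    $param = (Get-Command $CmdletName).Parameters[$ParameterName]
    ($param.Attributes |
        Where-Object { $_ -is [System.Management.Automation.ValidateSetAttribute] }).ValidValues
}

$cmdlet = 'New-AzVpnClientIpsecParameter'

# Print the accepted set for every algorithm parameter of the custom P2S policy.
foreach ($p in 'IkeEncryption', 'IkeIntegrity', 'DhGroup',
               'IpsecEncryption', 'IpsecIntegrity', 'PfsGroup') {
    '{0,-16} {1}' -f $p, ((Get-AcceptedValues $cmdlet $p) -join ', ')
}

# Guard: refuse an integrity algorithm the cmdlet does not accept and fall back
# to SHA256, which is in the accepted set confirmed in the answer above.
$wanted   = 'SHA1'
$accepted = Get-AcceptedValues $cmdlet 'IpsecIntegrity'
if ($accepted -notcontains $wanted) {
    Write-Warning "IpsecIntegrity '$wanted' is not accepted ($($accepted -join ', ')); using SHA256."
    $wanted = 'SHA256'
}

# Build the custom policy with accepted values and apply it to the gateway.
$policy = New-AzVpnClientIpsecParameter -IkeEncryption AES256 -IkeIntegrity SHA256 `
    -DhGroup DHGroup24 -IpsecEncryption AES256 -IpsecIntegrity $wanted -PfsGroup PFS24

Set-AzVpnClientIpsecParameter -ResourceGroupName 'rg-placeholder' `
    -VirtualNetworkGatewayName 'vpngw-placeholder' -VpnClientIPsecParameter $policy
```

Reading the ValidateSet from the installed module, rather than from a documentation page, means the check tracks whatever Az.Network version is actually present, which is exactly the discrepancy the question ran into.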
