Creating Site-to-Site VPN to Windows Azure…
-
Hi,
There's been a thread on connecting to AWS using site-to-site VPN, but none for Azure so I thought I'd share my findings so someone else can benefit from those.
Spent some time on this as not all features are documented (yet I hope) on generic VPN boxes. Only Cisco and Juniper are apparently supported using autoconfig scripts from Microsoft.
Settings are from reverse-engineering on those as well as some power-googling.
Since the service is still in beta, the settings are subject to changes. I'll update what I've posted in case I see these changes. But for connecting, these are the settings you need:
Phase1 settings:
Remote gateway: as listed in Azure Management portal
Authentication method: Mutual PSK
Negotiation mode: main
My identifier: My IP address
Peer identifier: Peer IP address
Encryption: 3DES
Hash: SHA1
DH group: 2
SA: 28800
NAT-T: Enable
Phase 2:
Mode: Tunnel
Local Network: your local network / the network you designated as your local network in the virtual network you created in Azure Management Portal
Remote Network: The network you created as a virtual network and assigned to your VPN gateway
Protocol: ESP
Encryption: 3DES
Hash: SHA1
PFS: Off
SA: 3600
Regards,
Anders
-
Such a useful tip!
I've managed to get it connected, but can't connect to anything. Can't see anything in the firewall logs - any pointers?
-
From which end are you having trouble?
How is the firewall in your pfSense box configured for the IPsec and LAN interface? And which connections are you not getting through?
Regards,
Anders