Creating Site-to-Site VPN to Windows Azure…

  • Hi,

    There's been a thread on connecting to AWS using site-to-site VPN, but none for Azure so I thought I'd share my findings so someone else can benefit from those.
    Spent some time on this as not all features are documented (yet I hope) on generic VPN boxes. Only Cisco and Juniper are apparently supported using autoconfig scripts from Microsoft.
    Settings are from reverse-engineering on those as well as some power-googling.
    Since the service is still in beta, the settings are subject to changes. I'll update what I've posted in case I see these changes.

    But for connecting, these are the settings you need:

    Phase1 settings:

    Remote gateway: as listed in Azure Management portal
    Authentication method: Mutual PSK
    Negotiation mode: main
    My identifier: My IP address
    Peer identifier: Peer IP address
    Encryption: 3DES
    Hash: SHA1
    DH group: 2
    SA: 28800
    NAT-T: Enable

    Phase 2:
    Mode: Tunnel
    Local Network: your local network / the network you designated as your local network in the virtual network you created in Azure Management Portal
    Remote Network: The network you created as a virtual network and assigned to your VPN gateway
    Protocol: ESP
    Encryption: 3DES
    Hash: SHA1
    PFS: Off
    SA: 3600


  • Such a useful tip!

    I've managed to get it connected, but can't connect to anything. Can't see anything in the firewall logs - any pointers?

  • From which end are you having trouble?

    How is the firewall in your pfSense box configured for the IPsec and LAN interface? And which connections are you not getting through?