Creating Site-to-Site VPN to Windows Azure…



  • Hi,

    There's been a thread on connecting to AWS using site-to-site VPN, but none for Azure so I thought I'd share my findings so someone else can benefit from those.
    Spent some time on this as not all features are documented (yet I hope) on generic VPN boxes. Only Cisco and Juniper are apparently supported using autoconfig scripts from Microsoft.
    Settings are from reverse-engineering on those as well as some power-googling.
    Since the service is still in beta, the settings are subject to changes. I'll update what I've posted in case I see these changes.

    But for connecting, these are the settings you need:

    Phase1 settings:

    Remote gateway: as listed in Azure Management portal
    Authentication method: Mutual PSK
    Negotiation mode: main
    My identifier: My IP address
    Peer identifier: Peer IP address
    Encryption: 3DES
    Hash: SHA1
    DH group: 2
    SA: 28800
    NAT-T: Enable

    Phase 2:
    Mode: Tunnel
    Local Network: your local network / the network you designated as your local network in the virtual network you created in Azure Management Portal
    Remote Network: The network you created as a virtual network and assigned to your VPN gateway
    Protocol: ESP
    Encryption: 3DES
    Hash: SHA1
    PFS: Off
    SA: 3600

    Regards,
    Anders
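
A small checker for the settings listed above, added here as an example and not part of the original post or of pfSense itself. It parses a constructed "key: value" dump of a phase 1/phase 2 configuration (the key names are an assumption of this example, not pfSense field names), reports every parameter that differs from what the post says Azure expects, and also flags invalid or overlapping local/remote networks, a common cause of a tunnel that comes up but passes no traffic.

```python
import ipaddress

# Phase 1 / phase 2 values the post above lists for Azure (beta).
# Key names are this example's own convention, not pfSense field names.
AZURE_REQUIRED = {
    "p1_auth": "psk", "p1_mode": "main", "p1_enc": "3des", "p1_hash": "sha1",
    "p1_dh": "2", "p1_lifetime": "28800", "p1_nat_t": "enable",
    "p2_mode": "tunnel", "p2_proto": "esp", "p2_enc": "3des",
    "p2_hash": "sha1", "p2_pfs": "off", "p2_lifetime": "3600",
}

def parse_config(text):
    """Parse 'key: value' lines (constructed format) into a lowercase dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        cfg[key.strip().lower()] = value.strip().lower()
    return cfg

def check_azure_tunnel(cfg):
    """Return a list of mismatches against the Azure settings; empty means OK."""
    problems = []
    for key, wanted in AZURE_REQUIRED.items():
        got = cfg.get(key)
        if got != wanted:
            problems.append(f"{key}: expected {wanted!r}, got {got!r}")
    # Phase 2 selectors: both sides must be valid CIDRs and must not overlap,
    # otherwise the SA negotiates but traffic is routed to the wrong side.
    try:
        local = ipaddress.ip_network(cfg.get("p2_local", ""), strict=False)
        remote = ipaddress.ip_network(cfg.get("p2_remote", ""), strict=False)
    except ValueError as exc:
        problems.append(f"p2 networks: invalid CIDR ({exc})")
    else:
        if local.overlaps(remote):
            problems.append(f"p2 networks overlap: {local} vs {remote}")
    return problems

# Constructed sample: PFS left on and overlapping networks, both mistakes.
SAMPLE = ("p1_auth: PSK\np1_mode: main\np1_enc: 3DES\np1_hash: SHA1\np1_dh: 2\n"
          "p1_lifetime: 28800\np1_nat_t: Enable\np2_mode: tunnel\np2_proto: ESP\n"
          "p2_enc: 3DES\np2_hash: SHA1\np2_pfs: on\np2_lifetime: 3600\n"
          "p2_local: 10.0.0.0/16\np2_remote: 10.0.1.0/24\n")

if __name__ == "__main__":
    for problem in check_azure_tunnel(parse_config(SAMPLE)):
        print(problem)
```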



  • Such a useful tip!

    I've managed to get it connected, but can't connect to anything. Can't see anything in the firewall logs - any pointers?



  • From which end are you having trouble?

    How is the firewall in your pfSense box configured for the IPsec and LAN interface? And which connections are you not getting through?

    Regards,
    Anders

