156
edits
Changes
Setting up a Site-to-Site IPsec Tunnel between Teltonika Networks and Microsoft Azure (view source)
Revision as of 01:06, 4 June 2024
, 4 June→Check Site to Site Communication
If You have trouble seeing any of the settings, be sure to enable "'''Advanced mode'''"
If You have trouble seeing any of the settings, be sure to enable "'''Advanced mode'''"
[[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]]
[[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]]
=Topology=
[[File:VNGW_TN_Topology.png|none|border|center|class=tlt-border|600px]]
=Prerequisite=
=Prerequisite=
===Finish the VPN gateway configuration===
===Finish the VPN gateway configuration===
----
----
After finishing the previous configuration, you can continue with the tags. This section is not mandatory; therefore, we’ll leave it as default and click on '''Review + create''' to check that the network gateway has the parameters shown below, and then click on the '''Create''' button to finish.
After finishing the previous configuration, you can continue with the tags. This section is not mandatory; therefore, we left it as default and clicked on '''Review + create''' to check that the network gateway has the parameters shown below, and then click on the '''Create''' button to finish the configuration.
[[File:VNGW_06.png|none|border|left|class=tlt-border|600px]]
[[File:VNGW_06.png|none|border|left|class=tlt-border|600px]]
In the search bar, look for "Local Network Gateways" and click on '''Create'''.
In the search bar, look for "Local Network Gateways" and click on '''Create'''.
[[File:VNGW_07.png|none|border|left|class=tlt-border|600px]]
[[File:VNGW_09.png|600px|center]]
Fill in the configuration fields accordingly and add the remote router address space (LAN network) and the FQDN if the router does not have a static public IP address on its WAN interface.
'''Fill in the configuration fields accordingly and add the remote router address space (LAN network) and the FQDN if the router does not have a static public IP address on its WAN interface.
'''
'''Projects details'''
'''Projects details'''
[[File:VNGW__10.png|600px|center]]
[[File:VNGW_08.png|none|border|left|class=tlt-border|600px]]
[[File:VNGW__11.png|600px|center]]
[[File:VNGW_09.png|none|border|left|class=tlt-border|600px]]
Verify the configuration and click on '''Create''' to finish.
Verify the configuration and click on '''Create''' to finish.
[[File:VNGW_12.png|600px|center]]
[[File:VNGW_10.png|none|border|left|class=tlt-border|600px]]
==Create a connection==
==Create a connection==
Search for "Connections" and create a new one:
Search for "Connections" and create a new one:
[[File:VNGW_11.png|none|border|left|class=tlt-border|600px]]
'''Complete the connection settings using the information and images below as reference:'''
Complete the connection settings using the information and images below as reference:
[[File:VNGW_14.png|600px|center]]
[[File:VNGW_12.png|none|border|left|class=tlt-border|600px]]
[[File:VNGW_15.png|600px|center]]
[[File:VNGW_13.png|none|border|left|class=tlt-border|600px]]
[[File:VNGW_16.png|600px|center]]
[[File:VNGW_14.png|none|border|left|class=tlt-border|600px]]
Click on '''Review + Create''', then verify the configuration and click on '''Create''' to finish.
'''Note:''' the tag field can be leaved empty.
[[File:VNGW_18.png|600px|center]]
[[File:VNGW_15.png|none|border|left|class=tlt-border|600px]]
=Teltonika device configuration=
=Teltonika Device Configuration=
==DDNS configuration==
==DDNS configuration==
[[File:TN_DDNS.png|600px|center]]
[[File:TN_DDNS.png|none|border|left|class=tlt-border|600px]]
[[File:TN_DDNS02.png|600px|center]]
[[File:TN_DDNS02.png|none|border|left|class=tlt-border|600px]]
==IPsec configuration==
==IPsec configuration==
Locate the following path: WebUI > Services > IPsec ; and a new instance:
Locate the following path: '''WebUI > Services > IPsec''' ; and a new instance:
[[File:TN_IPSEC01.png|600px|center]]
[[File:TN_IPSEC01.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec02.png|600px|center]]
[[File:TN_IPsec02.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec03.png|600px|center]]
[[File:TN_IPsec03.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec04.png|600px|center]]
[[File:TN_IPsec04.png|none|border|left|class=tlt-border|600px]]
'''Note:''' in this example, we use DH Group equals to MODP1024 which is the same to Group 2 selected on the Azure platform.
'''Note:''' in this example, we use DH Group equals to MODP1024 which is the same to Group 2 selected on the Azure platform.
[[File:TN_IPsec05.png|600px|center]]
[[File:TN_IPsec05.png|none|border|left|class=tlt-border|600px]]
=Check Site to Site Communication=
=Check Site to Site Communication=
If you followed the configuration steps, you should see that the Site to Site connection has been successfully established.
If you followed the configuration steps, you should see that the Site to Site connection has been successfully established.
[[File:TN_IPsec06.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec06.png|600px|center]]
[[File:TN_IPsec07.png|600px|center]]
[[File:TN_IPsec07.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec08.png|600px|center]]
[[File:TN_IPsec08.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec09.png|600px|center]]
[[File:TN_IPsec09.png|none|border|left|class=tlt-border|600px]]
Connect to the VM in Azure, test connectivity to the Router’s LAN interface.
Connect to the VM in Azure, test connectivity to the Router’s LAN interface.
[[File:TN_IPsec10.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec10.png|600px|center]]
=See Also=
=See Also=