Line 12: |
Line 12: |
| ---- | | ---- |
| | | |
− | Log into the Azure portal, search for "Virtual Network Gateways" and click on "Create". | + | Log into the Azure portal, search for "Virtual Network Gateways" and click on '''Create'''. |
| <br> </br> | | <br> </br> |
| [[File:VNGW_01.png|600px|center]] | | [[File:VNGW_01.png|600px|center]] |
Line 56: |
Line 56: |
| [[File:VNGW_07.png|600px|center]] | | [[File:VNGW_07.png|600px|center]] |
| | | |
− | Click on "Review + create", check that the network gateway has the parameters as shown below, and click on the "Create" button to finish. | + | Click on '''Review + create''', check that the network gateway has the parameters as shown below, and click on the '''Create''' button to finish. |
| <br> </br> | | <br> </br> |
| [[File:VNGW_08.png|600px|center]] | | [[File:VNGW_08.png|600px|center]] |
Line 62: |
Line 62: |
| ===Create a local network Gateway=== | | ===Create a local network Gateway=== |
| ---- | | ---- |
− | In the search bar, look for "Local Network Gateways" and click on "Create". | + | In the search bar, look for "Local Network Gateways" and click on '''Create'''. |
| <br> </br> | | <br> </br> |
| [[File:VNGW_09.png|600px|center]] | | [[File:VNGW_09.png|600px|center]] |
Line 84: |
Line 84: |
| [[File:VNGW_11.png|600px|center]] | | [[File:VNGW_11.png|600px|center]] |
| | | |
− | Verify the configuration and click on "Create" to finish. | + | Verify the configuration and click on '''Create''' to finish. |
| <br> </br> | | <br> </br> |
| [[File:VNGW_12.png|600px|center]] | | [[File:VNGW_12.png|600px|center]] |
Line 111: |
Line 111: |
| * '''Use Azure Private IP Address:''' Unchecked. | | * '''Use Azure Private IP Address:''' Unchecked. |
| * '''IPsec/IKE policy:''' Custom. | | * '''IPsec/IKE policy:''' Custom. |
− | * '''IKE Phase 1:''' Encryption: AES256 ; Integrity/PRF: SHA1 ; DH Group: DHGroup2 | + | * '''IKE Phase 1:''' Encryption: AES256 , Integrity/PRF: SHA1 , DH Group: DHGroup2. |
− | * '''IKE Phase 2:''' Encryption: AES256 ; IPsec Integrity: SHA1 ; PFS Group: None | + | * '''IKE Phase 2:''' Encryption: AES256 , IPsec Integrity: SHA1 , PFS Group: None. |
| * '''IPsec SA lifetime in KiloBytes:''' 0. | | * '''IPsec SA lifetime in KiloBytes:''' 0. |
| * '''IPsec SA lifetime in seconds:''' 10800. | | * '''IPsec SA lifetime in seconds:''' 10800. |
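Review bot: the IKE Phase 1 and Phase 2 lines reformatted here keep SHA1 for integrity, DHGroup2 and "PFS Group: None", and the page gives no indication that these are example values rather than recommended ones. DHGroup2 is the 1024-bit MODP group (the router side of this page calls it MODP1024), and with PFS disabled the Phase 2 keys are not protected by a fresh Diffie-Hellman exchange. Since these two lines are being edited anyway, add a short note telling readers to pick a SHA-2 integrity algorithm, a larger DH group and a PFS group when both the Azure gateway and the router support them, and to keep the two sides identical. Style point on the same lines: the new text has a space before each comma ("AES256 , Integrity/PRF: SHA1 , DH Group"), which should be "AES256, Integrity/PRF: SHA1, DH Group".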
Line 135: |
Line 135: |
| '''Note:''' the tag field can be leaved empty. | | '''Note:''' the tag field can be leaved empty. |
| <br> </br> | | <br> </br> |
− | Check that the parameters match and click on "Create" | + | Check that the parameters match and click on '''Create'''. |
| <br> </br> | | <br> </br> |
| [[File:VNGW_18.png|600px|center]] | | [[File:VNGW_18.png|600px|center]] |
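Review bot: the unchanged context line just above the edited sentence still reads "the tag field can be leaved empty". Since this paragraph is being touched, correct it to "can be left empty" in the same revision.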
Line 144: |
Line 144: |
| Log into the router via WebUI. | | Log into the router via WebUI. |
| <br> </br> | | <br> </br> |
− | In case you don’t have a public IP address on the WAN interface, you can enable the Dynamic DNS service as explained here [[DDNS Configuration Examples]] | + | In case you don’t have a public IP address on the WAN interface, you can enable the Dynamic DNS service as explained here: [[DDNS Configuration Examples]] |
| <br> </br> | | <br> </br> |
| '''Path:''' WebUI > Services > Dynamic DNS. | | '''Path:''' WebUI > Services > Dynamic DNS. |
Line 156: |
Line 156: |
| ===IPsec configuration=== | | ===IPsec configuration=== |
| ---- | | ---- |
| + | Locate the following path: WebUI > Services > IPsec ; and a new instance: |
| + | <br> </br> |
| + | [[File:TN_IPSEC01.png|600px|center]] |
| + | <br> </br> |
| + | [[File:TN_IPsec02.png|600px|center]] |
| + | <br> </br> |
| + | [[File:TN_IPsec03.png|600px|center]] |
| + | <br> </br> |
| + | [[File:TN_IPsec04.png|600px|center]] |
| + | |
| + | '''Note:''' in this example, we use DH Group equals to MODP1024 which is the same to Group 2 as selected on the platform. |
| + | <br> </br> |
| + | [[File:TN_IPsec05.png|600px|center]] |
| | | |
| ==Check Site to Site Communication== | | ==Check Site to Site Communication== |
| + | If you followed the configuration steps, you should see that the Site to Site connection has been successfully established. |
| + | <br> </br> |
| + | |
| + | '''Instance details''' |
| + | * '''Enable:''' On. |
| + | * '''Authentication method:''' Pre-shared key. |
| + | * '''Pre-shared key:''' Your pre-shared key. |
| + | * '''Local Identifier:''' Empty. |
| + | * '''Remote Identifier:''' Empty. |
| + | |
| + | '''General Settings''' |
| + | * '''Mode:''' Start. |
| + | * '''Type:''' Tunnel. |
| + | * '''Default route:''' off. |
| + | * '''Local Subnet:''' The router local network(s). |
| + | * '''Remote Subnet:'''The virtual network you want to reach in your Virtual environment hosted in Azure. |
| + | * '''Key Exchange:'''IKEv2 |
| + | |
| + | '''Advanced Settings''' |
| + | * '''Dead peer detection:''' On. |
| + | * '''DPD action:''' Restart. |
| + | * '''DPD delay:''' 45. |
| + | * '''Leave all the other advanced settings as default.''' |
| + | |
| + | '''Proposal Settings''' |
| + | * '''Phase 1:''' Encryption: AES256 , Authentication: SHA1 , DH Group: MODP1024. |
| + | * '''Phase 2:''' Encryption: AES256 , Hash: SHA1 , PFS Group: No PFS. |
| + | * '''Force crypto Proposal:''' off. |
| + | * '''lifetimes''' Empty. |
| + | |
| + | <br> </br> |
| + | [[File:TN_IPsec06.png|600px|center]] |
| + | <br> </br> |
| + | You can also check in the Azure platform that the connection has been established: |
| + | <br> </br> |
| + | [[File:TN_IPsec07.png|600px|center]] |
| + | <br> </br> |
| + | Check connectivity between the router LAN and a VM inside the Azure virtual network you may have: |
| + | <br> </br> |
| + | [[File:TN_IPsec08.png|600px|center]] |
| + | <br> </br> |
| + | Test connectivity from a host in the router’s LAN to the VM: |
| + | <br> </br> |
| + | [[File:TN_IPsec09.png|600px|center]] |
| + | <br> </br> |
| + | Connect to the VM in Azure, test connectivity to the Router’s LAN interface. |
| + | <br> </br> |
| + | [[File:TN_IPsec10.png|600px|center]] |
| + | |
| + | ==See Also== |
| + | * [[Dynamic DNS]] - general information on the DDNS service. |
| + | * [[DDNS Configuration Examples]] - additional examples for different DDNS providers. |
| + | |
| + | ==External links== |
| + | * https://www.noip.com |
| + | * https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal |
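Review bot: the settings lists ("Instance details", "General Settings", "Advanced Settings", "Proposal Settings") are added below the "==Check Site to Site Communication==" heading, after the sentence "If you followed the configuration steps, you should see that the Site to Site connection has been successfully established", so they will render inside the verification section instead of under "===IPsec configuration===". Move the four lists up so they follow the TN_IPsec screenshots they describe, and leave only the status and ping checks under the verification heading. Smaller points in the same hunk: "WebUI > Services > IPsec ; and a new instance:" is missing its verb (presumably "add a new instance"); "DH Group equals to MODP1024 which is the same to Group 2" should read "DH Group MODP1024, which is the same as Group 2"; "'''Remote Subnet:'''The" and "'''Key Exchange:'''IKEv2" need a space after the bold label; "'''lifetimes''' Empty" lacks the colon and capitalisation the other items use. The router "lifetimes" field is left empty while the Azure side earlier on the page sets "IPsec SA lifetime in seconds: 10800", so it is worth stating whether the router default is expected to be compatible with that value.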