Teltonika Networks Wiki

Changes

Setting up a Site-to-Site IPsec Tunnel between Teltonika Networks and Microsoft Azure (view source)

Revision as of 01:06, 4 June 2024

623 bytes added ,  4 June
→‎Check Site to Site Communication
Line 8: Line 8:  
If You have trouble seeing any of the settings, be sure to enable "'''Advanced mode'''"
 
If You have trouble seeing any of the settings, be sure to enable "'''Advanced mode'''"
 
[[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]]
 
[[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]]
 +
 +
=Topology=
 +
 +
[[File:VNGW_TN_Topology.png|none|border|center|class=tlt-border|600px]]
    
=Prerequisite=
 
=Prerequisite=
Line 18: Line 22:     
Log into the Azure portal, search for "Virtual Network Gateways" and click on '''Create'''.
 
Log into the Azure portal, search for "Virtual Network Gateways" and click on '''Create'''.
      
[[File:VNGW_01.png|none|border|left|class=tlt-border|600px]]
 
[[File:VNGW_01.png|none|border|left|class=tlt-border|600px]]
Line 59: Line 62:  
----
 
----
 
In case you do not have previously created a virtual network, click on the blue URL link to create one and use the default settings as shown in the image below:
 
In case you do not have previously created a virtual network, click on the blue URL link to create one and use the default settings as shown in the image below:
      
[[File:VNGW_05.png|none|border|left|class=tlt-border|600px]]
 
[[File:VNGW_05.png|none|border|left|class=tlt-border|600px]]
      
===Finish the VPN gateway configuration===
 
===Finish the VPN gateway configuration===
 
----
 
----
After finishing the previous configuration, you can continue with the tags. This section is not mandatory; therefore, we’ll leave it as default and click on '''Review + create''', to check that the network gateway has the parameters as shown below, and then click on the '''Create''' button to finish.
+
After finishing the previous configuration, you can continue with the tags. This section is not mandatory; therefore, we left it as default and clicked on '''Review + create''' to check that the network gateway has the parameters shown below, and then click on the '''Create''' button to finish the configuration.
 
      
[[File:VNGW_06.png|none|border|left|class=tlt-border|600px]]
 
[[File:VNGW_06.png|none|border|left|class=tlt-border|600px]]
      
==Create a local network Gateway==
 
==Create a local network Gateway==
Line 76: Line 75:  
In the search bar, look for "Local Network Gateways" and click on '''Create'''.
 
In the search bar, look for "Local Network Gateways" and click on '''Create'''.
   −
 
+
[[File:VNGW_07.png|none|border|left|class=tlt-border|600px]]
[[File:VNGW_09.png|600px|center]]
        −
Fill in the configuration fields accordingly and add the remote router address space (LAN network) and the FQDN if the router does not have a static public IP address on its WAN interface.
+
'''Fill in the configuration fields accordingly and add the remote router address space (LAN network) and the FQDN if the router does not have a static public IP address on its WAN interface.
 +
'''
    
'''Projects details'''
 
'''Projects details'''
Line 95: Line 94:       −
[[File:VNGW__10.png|600px|center]]
+
[[File:VNGW_08.png|none|border|left|class=tlt-border|600px]]
      −
[[File:VNGW__11.png|600px|center]]
+
[[File:VNGW_09.png|none|border|left|class=tlt-border|600px]]
    
Verify the configuration and click on '''Create''' to finish.
 
Verify the configuration and click on '''Create''' to finish.
      −
[[File:VNGW_12.png|600px|center]]
+
[[File:VNGW_10.png|none|border|left|class=tlt-border|600px]]
    
==Create a connection==
 
==Create a connection==
Line 109: Line 108:  
Search for "Connections" and create a new one:
 
Search for "Connections" and create a new one:
    +
[[File:VNGW_11.png|none|border|left|class=tlt-border|600px]]
   −
[[File:VNGW_13.png|600px|center]]
+
'''Complete the connection settings using the information and images below as reference:'''
 
  −
 
  −
Complete the connection settings using the information and images below as reference:
        Line 144: Line 141:       −
[[File:VNGW_14.png|600px|center]]
+
[[File:VNGW_12.png|none|border|left|class=tlt-border|600px]]
      −
[[File:VNGW_15.png|600px|center]]
+
[[File:VNGW_13.png|none|border|left|class=tlt-border|600px]]
      −
[[File:VNGW_16.png|600px|center]]
+
[[File:VNGW_14.png|none|border|left|class=tlt-border|600px]]
      Line 156: Line 153:       −
[[File:VNGW_17.png|600px|center]]
+
Click on '''Review + Create''', then verify the configuration and click on '''Create''' to finish.
 
  −
'''Note:''' the tag field can be leaved empty.
  −
 
  −
 
  −
Check that the parameters match and click on '''Create'''.
  −
 
     −
[[File:VNGW_18.png|600px|center]]
+
[[File:VNGW_15.png|none|border|left|class=tlt-border|600px]]
   −
=Teltonika device configuration=
+
=Teltonika Device Configuration=
    
==DDNS configuration==
 
==DDNS configuration==
Line 182: Line 173:       −
[[File:TN_DDNS.png|600px|center]]
+
[[File:TN_DDNS.png|none|border|left|class=tlt-border|600px]]
      Line 188: Line 179:       −
[[File:TN_DDNS02.png|600px|center]]
+
[[File:TN_DDNS02.png|none|border|left|class=tlt-border|600px]]
    
==IPsec configuration==
 
==IPsec configuration==
      −
Locate the following path: WebUI > Services > IPsec ; and a new instance:
+
Locate the following path: '''WebUI > Services > IPsec''' ; and a new instance:
      Line 224: Line 215:       −
[[File:TN_IPSEC01.png|600px|center]]
+
[[File:TN_IPSEC01.png|none|border|left|class=tlt-border|600px]]
      −
[[File:TN_IPsec02.png|600px|center]]
+
[[File:TN_IPsec02.png|none|border|left|class=tlt-border|600px]]
      −
[[File:TN_IPsec03.png|600px|center]]
+
[[File:TN_IPsec03.png|none|border|left|class=tlt-border|600px]]
      −
[[File:TN_IPsec04.png|600px|center]]
+
[[File:TN_IPsec04.png|none|border|left|class=tlt-border|600px]]
    
'''Note:''' in this example, we use DH Group equals to MODP1024 which is the same to Group 2 selected on the Azure platform.
 
'''Note:''' in this example, we use DH Group equals to MODP1024 which is the same to Group 2 selected on the Azure platform.
      −
[[File:TN_IPsec05.png|600px|center]]
+
[[File:TN_IPsec05.png|none|border|left|class=tlt-border|600px]]
    
=Check Site to Site Communication=
 
=Check Site to Site Communication=
 
If you followed the configuration steps, you should see that the Site to Site connection has been successfully established.
 
If you followed the configuration steps, you should see that the Site to Site connection has been successfully established.
   −
 
+
[[File:TN_IPsec06.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec06.png|600px|center]]
        Line 250: Line 240:       −
[[File:TN_IPsec07.png|600px|center]]
+
[[File:TN_IPsec07.png|none|border|left|class=tlt-border|600px]]
      Line 256: Line 246:       −
[[File:TN_IPsec08.png|600px|center]]
+
[[File:TN_IPsec08.png|none|border|left|class=tlt-border|600px]]
      Line 262: Line 252:       −
[[File:TN_IPsec09.png|600px|center]]
+
[[File:TN_IPsec09.png|none|border|left|class=tlt-border|600px]]
       
Connect to the VM in Azure, test connectivity to the Router’s LAN interface.
 
Connect to the VM in Azure, test connectivity to the Router’s LAN interface.
   −
 
+
[[File:TN_IPsec10.png|none|border|left|class=tlt-border|600px]]
[[File:TN_IPsec10.png|600px|center]]
  −
 
      
=See Also=
 
=See Also=
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/126540...126578"