Member
Posts: 118
Registered: ‎01-09-2013
Kudos: 31

Site-to-Site ER-POE to Windows Azure


for Wiki purposes:

 

Here is how to connect an Edgemax Router to Windows Azure as of December 2013

 

1. create vpn in azure

2. configure the vpn using the following commands from the cli

set vpn ipsec disable-uniqreqids
set vpn ipsec esp-group ponycorn
set vpn ipsec esp-group ponycorn lifetime 3600
set vpn ipsec esp-group ponycorn pfs disable
set vpn ipsec esp-group ponycorn mode tunnel
set vpn ipsec esp-group ponycorn proposal 1
set vpn ipsec esp-group ponycorn proposal 1 encryption aes256
set vpn ipsec esp-group ponycorn proposal 1 hash sha1
set vpn ipsec esp-group ponycorn compression disable

set vpn ipsec ike-group alpaca
set vpn ipsec ike-group alpaca lifetime 28800
set vpn ipsec ike-group alpaca proposal 1
set vpn ipsec ike-group alpaca proposal 1 dh-group 2
set vpn ipsec ike-group alpaca proposal 1 encryption aes256
set vpn ipsec ike-group alpaca proposal 1 hash sha1

set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec logging log-modes all
set vpn ipsec nat-traversal enable

set vpn ipsec site-to-site peer <azure gateway ip address>
set vpn ipsec site-to-site peer <azure gateway ip address> local-ip <local public ip address>
set vpn ipsec site-to-site peer <azure gateway ip address> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <azure gateway ip address> authentication pre-shared-secret <azure shared key>
set vpn ipsec site-to-site peer <azure gateway ip address> connection-type initiate
set vpn ipsec site-to-site peer <azure gateway ip address> default-esp-group ponycorn
set vpn ipsec site-to-site peer <azure gateway ip address> ike-group alpaca

set vpn ipsec site-to-site peer <azure gateway ip address> tunnel 1
set vpn ipsec site-to-site peer <azure gateway ip address> tunnel 1 esp-group ponycorn
set vpn ipsec site-to-site peer <azure gateway ip address> tunnel 1 local subnet <subnet for lan>
set vpn ipsec site-to-site peer <azure gateway ip address> tunnel 1 remote subnet <subnet for azure virtual address space>
set vpn ipsec site-to-site peer <azure gateway ip address> tunnel 1 allow-nat-networks disable
set vpn ipsec site-to-site peer <azure gateway ip address> tunnel 1 allow-public-networks disable

set nat source rule <first rule or before masquerade to WAN> destination address <subnet for azure virtual address space>
set nat source rule <first rule or before masquerade to WAN> 'exclude'
set nat source rule <first rule or before masquerade to WAN> outbound-interface <wan interface>
set nat source rule <first rule or before masquerade to WAN> source address <subnet for lan>
set nat source rule <first rule or before masquerade to WAN> translation address 'masquerade'

What is it with you people and your Omni's?
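An added example, not part of the original post: a small Python audit of `set vpn ipsec` lines like the ones above. It reports the settings a security reviewer would question (PFS disabled, DH group 2, SHA-1) and any esp-group or ike-group a peer references but never defines. The `audit` function, the sample address 203.0.113.10 and the misspelled group `unicorn` are constructed for illustration, and the post's `<...>` placeholders must be filled with real values before lines are fed to it.

```python
import shlex

# Constructed sample: a subset of the post's commands, with a documentation-range
# address in place of <azure gateway ip address> and one deliberate typo
# ("unicorn") to exercise the reference check. Not the poster's real values.
SAMPLE = """\
set vpn ipsec esp-group ponycorn pfs disable
set vpn ipsec esp-group ponycorn proposal 1 encryption aes256
set vpn ipsec esp-group ponycorn proposal 1 hash sha1
set vpn ipsec ike-group alpaca proposal 1 dh-group 2
set vpn ipsec ike-group alpaca proposal 1 encryption aes256
set vpn ipsec ike-group alpaca proposal 1 hash sha1
set vpn ipsec site-to-site peer 203.0.113.10 ike-group alpaca
set vpn ipsec site-to-site peer 203.0.113.10 default-esp-group ponycorn
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 esp-group unicorn
"""

# Settings a reviewer would question, keyed on the last two tokens of an
# esp-group / ike-group command.
WEAK = {
    ("pfs", "disable"): "PFS off: no fresh DH exchange when ESP keys are renewed",
    ("dh-group", "2"): "DH group 2 is 1024-bit MODP",
    ("hash", "sha1"): "SHA-1 based integrity",
}
# Keywords on a site-to-site peer line that name a group, and that group's type.
REFS = {"ike-group": "ike-group", "default-esp-group": "esp-group",
        "esp-group": "esp-group"}

def audit(text):
    """Return (kind, where, detail) findings for EdgeOS 'set vpn ipsec' lines."""
    rows = [t[3:] for t in map(shlex.split, text.splitlines())
            if t[:3] == ["set", "vpn", "ipsec"]]
    defined = {(r[0], r[1]) for r in rows
               if r[0] in ("esp-group", "ike-group") and len(r) > 1}
    findings = []
    for r in rows:
        if r[0] in ("esp-group", "ike-group") and len(r) >= 4:
            note = WEAK.get((r[-2], r[-1]))
            if note:
                findings.append(("weak", f"{r[0]} {r[1]}", note))
        elif r[0] == "site-to-site":
            for i, tok in enumerate(r[3:-1], start=3):
                if tok in REFS and (REFS[tok], r[i + 1]) not in defined:
                    findings.append(("undefined", f"peer {r[2]}", f"{REFS[tok]} {r[i + 1]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Whether the Azure gateway accepts stronger values for the flagged settings is not covered in this thread and has to be checked against the gateway's own supported parameters.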
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5471
Solutions: 1656
Contributions: 2

Re: Site-to-Site ER-POE to Windows Azure

Nice work! Would you be interested in turning this into a Knowledge Base article? Thanks for your contributions!

Member
Posts: 118
Registered: ‎01-09-2013
Kudos: 31

Re: Site-to-Site ER-POE to Windows Azure

Absolutely! I am going to work on connecting edge routers to all enterprise devices etc. and will write a KB article.
What is it with you people and your Omni's?
Member
Posts: 250
Registered: ‎02-03-2014
Kudos: 19
Solutions: 9

Re: Site-to-Site ER-POE to Windows Azure

I'm just wondering if there have been any updates to this now that IPSec Site-to-Site is included in the GUI?
