
Does anyone have experience with IPsec VPN (site to site) between XG 17.x and Azure?

We are now in a migration from an SG to an XG, and I need to know if I can keep the IKEv1 (policy-based) IPsec VPN on the XG as well. Otherwise I need to change the Azure and XG configuration to a route-based policy (IKEv2). The IKEv2 configuration seems to be the only supported configuration, but we have a lot of trouble with such a configuration.

Thanks Marco



  • Reading the MS KB:

    They state your on-premises policy-based VPN device must support IKEv2, so that rules out a lot of devices like the UTM.


    With the custom IPsec/IKE policy, you can now configure Azure route-based VPN gateways to use prefix-based traffic selectors with option "PolicyBasedTrafficSelectors", to connect to on-premises policy-based VPN devices. This capability allows you to connect from an Azure virtual network and VPN gateway to multiple on-premises policy-based VPN/firewall devices, removing the single connection limit from the current Azure policy-based VPN gateways.

    Important

    1. To enable this connectivity, your on-premises policy-based VPN devices must support IKEv2 to connect to the Azure route-based VPN gateways. Check your VPN device specifications.
    2. The on-premises networks connecting through policy-based VPN devices with this mechanism can only connect to the Azure virtual network; they cannot transit to other on-premises networks or virtual networks via the same Azure VPN gateway.
    3. The configuration option is part of the custom IPsec/IKE connection policy. If you enable the policy-based traffic selector option, you must specify the complete policy (IPsec/IKE encryption and integrity algorithms, key strengths, and SA lifetimes).
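
The custom IPsec/IKE policy with policy-based traffic selectors described in the quoted text, sketched with the Az PowerShell module as an added example (not part of the original reply or the quoted Microsoft text). Resource names, region and pre-shared key are placeholders, and the algorithm and lifetime values are illustrative assumptions that must match the proposal configured on the on-premises device.

```powershell
# Added example. All names in angle brackets are placeholders (assumptions),
# not values taken from this thread.
$rg      = "<resource-group>"
$vnetGw  = Get-AzVirtualNetworkGateway -Name "<route-based-vnet-gateway>" -ResourceGroupName $rg
$localGw = Get-AzLocalNetworkGateway   -Name "<on-prem-firewall>"         -ResourceGroupName $rg

# Point 3 of the quoted note: with policy-based traffic selectors enabled, the
# complete policy has to be specified (IKE and IPsec encryption and integrity,
# DH/PFS groups, SA lifetimes). The values below are illustrative only and must
# be mirrored exactly on the on-premises device, otherwise negotiation fails.
$policy = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup24 `
    -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup None `
    -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000

# Create the site-to-site connection on the route-based gateway with
# prefix-based (policy-based) traffic selectors and the custom policy attached.
New-AzVirtualNetworkGatewayConnection -Name "<connection-name>" -ResourceGroupName $rg `
    -VirtualNetworkGateway1 $vnetGw -LocalNetworkGateway2 $localGw `
    -Location "<region>" -ConnectionType IPsec `
    -UsePolicyBasedTrafficSelectors $true -IpsecPolicies $policy `
    -SharedKey "<pre-shared-key>"

# Verify what was actually applied before testing from the firewall side.
$conn = Get-AzVirtualNetworkGatewayConnection -Name "<connection-name>" -ResourceGroupName $rg
$conn.UsePolicyBasedTrafficSelectors   # should report True
$conn.IpsecPolicies                    # should list the single custom policy set above
```

When the tunnel does not come up, comparing `$conn.IpsecPolicies` field by field with the firewall's IKEv2 proposal is the first check, since a custom policy replaces Azure's default proposal set.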
  • Hi  

    Thank you for taking the time to share this.

    Would it be possible to also PM me with your support case number so that I can follow up?

    Regards,