Hey, here's a good guide I wrote to set up multiple site-to-site IPsec tunnels
Hi all,
I'm looking for a solid working configuration to establish a VPN to MS-Azure. I tried many different settings but I get no connection at all.
- tried or studied these settings:
  - https://community.sophos.com/kb/en-us/126995
  - community.sophos.com/.../site-to-site-vpn-to-windows-azure
  - http://www.stephens-blog.co.uk/sophos-utm-site-site-vpn-azure/
  - https://docs.microsoft.com/de-de/azure/vpn-gateway/vpn-gateway-about-vpn-devices
- Used a simple PSK
- tried all possible encryption/hash combinations
- tried lifetime 28800/7800
- tried with/without IPsec PFS Group 2
- tried to use respond only mode
What I can observe is a difference between initiate and respond only mode:
Error Initiate Mode:
"S_AzureRZ"[1] 13.80.152.35 #720: sending encrypted notification INVALID_ID_INFORMATION to 13.80.152.35:500
Error Respond Only Mode:
packet from 13.80.152.35:500: initial Main Mode message received on mypubip:500 but no connection has been authorized with policy=PSK
The only thing I didn't try is to disable DPD. I have many VPNs running fine, I don't want to change a global setting to get one strange VPN running...
Any ideas?
I think I will open a ticket as well...
Best Regards
Sebastian
Check out this KB - community.sophos.com/.../127546
Sebastian, many have posted here about being able to set up an IPsec VPN with Azure. I think the key is that you can't use the Azure Dynamic setting.
Cheers - Bob
Hi Bob,
I wasn't aware of this. At the time I tried to establish a connection, it was not possible at all. Maybe I will need to dig again when it is requested.
But anyway, the provided link doesn't help to solve the problem on UTM.
Regards,
Sebastian