
Route based VPN with Azure

Hi everyone, 

On my demo device I've been trying to get a Route Based VPN running to Azure, but so far I've been unsuccessful. I was hoping someone had a tutorial that shows me what/how to configure this from A-Z.

What I've done so far: 

My setup: 

internal network: 172.16.5.0/24 - NET_172.16.5.0_24 (eth4)
CP using PPPoE dial-up no eth2

Setup Azure - this works with other FWs so should be good (192.168.8.0/22) and GWIP 1.2.3.4

in CP SC: 

Create a Network object (Azure_NET) with the address space 192.168.8.0/22

Create an Interoperable device (Azure_GW) with 1.2.3.4 and Azure_NET as the VPN Domain

Create a Star VPN community - CP is Center, Azure_GW is satellite

Set IKEv2 only; set the encryption; set the pre-shared key - one tunnel per GW pair

under Security Rules:

CP->AzureGW IKE ALLOW
AzureGW->CP IKE ALLOW

NET_172.16.5.0_24 -> Azure_NET - Any ALLOW
Azure_NET -> NET_172.16.5.0_24 - Any ALLOW

on CP object:
VPN-Link selection : selected external address

in WebUI: 

Create a new VPN Tunnel interface, Unnumbered - physical == internal eth4 (my internal network NIC)

Create a new route: 192.168.8.0/22 --> vpnt1

 

Now I see the tunnel coming up, as in the logs I see: Child SA exchange: Created a child SA successfully, but after that 0 traffic over the tunnel itself...

 

Help?


I would involve TAC here - seems you are assuming how to set parameters but have no relevant documentation...


I don't have an active support contract, I'm just trying to learn/do something with CP.

 

Is there a way to involve TAC without a paid support contract?
