IPsec VPN to Azure gateway (Perm tunnel + RIM)

Question asked by iain.53f4cc38-3a73-42c7-bea6-380e4b9b5ee2 on Sep 20, 2018
Latest reply on Sep 24, 2018 by Dameon Welch-Abernathy

Hi mates,

I'm hoping you can lend your expertise to this issue. The high-level goal is to set up permanent VPN tunnels from an R80.10 CP gateway on-prem to an Azure VPN gateway so that we can use RIM to inject routes to the Azure resources back into the internal on-prem network. (Don't want to use VTIs and BGP.)

The tunnel works well if permanent tunnels aren't set. The tunnel comes up and Azure resources are accessible.

When enabling permanent tunnels on the VPN community (mesh), the tunnel comes up, IKE and IPsec SAs establish and resources in Azure are accessible, but crucially SmartView Monitor sees the tunnel as down and this is reported in the logs as well. Thus RIM isn't going to inject routes.

Log details and SmartView Monitor showing tunnel is down

SAs are up

Azure resources accessible

Extra info

tunnel_keepalive_method set to dpd on both the on-prem CP gateway and the interoperable object (GuiDBedit setting)

keep_IKE_SAs is enabled (adv VPN in global properties)

My question(s)

Is it achievable to have perm tunnels and RIM with an Azure VPN gateway?

If so, what settings should be used in order to achieve it?

Many thanks in advance

Iain