Azure Virtual Network Gateway Single Tunnel

Step 1 - Configurations in the Azure Management Portal

Creating a Gateway Subnet

  1. Access the Azure Management Portal and go to Virtual networks.

  2. Click the virtual network in which you want to create the gateway and click Subnets.

  3. Click + Gateway subnet. The system populates the subnet name as Gateway subnet by default.

  4. (Optional) Adjust the auto-filled Address range values. This subnet is used for the Virtual Gateway only.

    If this range is not auto-filled:

    1. Go to address space and click +Add.

    2. Select a free /27 subnet from the address space, for example 10.1.255.0/27.

Creating a Virtual Network Gateway

  1. Access the Azure Management Portal and click +Create a resource.

  2. Search for Virtual Network Gateway and click it in the search results.

  3. Click Create.

  4. The Create virtual network gateway window appears.

  5. Enter these:

    1. Name - Name of the gateway.

    2. Region - Region where your resources are located.

    3. Gateway type - VPN.

    4. SKU - Select the gateway SKU from the list. The SKUs listed depend on the selected VPN.

    5. Virtual network - The Virtual network that contains the resources you want to reach through the tunnel.

      The Choose a virtual network page appears.

      Note - If you do not see your VNet, make sure your virtual network is located in the selected Region.

    6. Subnet - Subnet range for your virtual network.

      This setting appears only when you create a gateway subnet for your virtual network for the first time.

    7. Public IP address - Click Create New or choose an existing IP used by your organization.

    8. Enable active-active mode - Disabled.

    9. Configure BGP - Disabled.

    10. Click Review+create.

      The system starts to create the VPN gateway. This can take up to 45 minutes to complete.

Creating a Local Network Gateway

  1. Access the Azure Management Portal and click +Create a resource.

  2. Search for Local network gateway and click it in the search results.

  3. Click Create.

    The Create local network gateway page appears.

  4. Enter these:

    1. Name - Name of your gateway.

    2. IP address - The public IP address of your gateway.

    3. Address Space - The address range(s) of the network behind your gateway.

      Make sure that these ranges do not overlap with the ranges of the other networks you want to connect to.

    4. Subscription - Verify that the value is correct.

    5. Resource Group - Select the resource group that you want to use. Create a new resource group or select one that you have already created.

    6. Location - Select the location where this object is created.

      (Optional) Select the location in which your Virtual Network resides.

    7. SKU - Select the gateway SKU from the list. The SKUs listed depend on the selected VPN.

  5. Click Create.

Creating the IPSec Tunnel Connection

  1. Access the Azure Management Portal and go to your Virtual Network Gateway page.

  2. Go to Settings and click Connections.

  3. Click +Add.

    The Create connection window appears.

  4. In the Basics tab, enter these:

    1. Connection type - Site-to-site (IPSec).

    2. Name - Name of the connection.

  5. Click Next: Settings >.

    The Settings tab appears.

  6. Enter these:

    1. Virtual network gateway - The gateway IP address you received from Azure. This value is static.

    2. Local network gateway - The local network gateway (representing your network address) that you created. This value is static.

    3. Shared Key (PSK) - Create a unique key value. It must match the key value used on the tunnel side.

    4. IKE Protocol - IKEv2.

    5. DPD timeout in seconds - 30

  7. Click Review + Create to create your connection.

  8. Select the connection you just created and click Configuration.

    The Configuration window appears.

  9. Enter these:

    1. IPsec / IKE policy - Select Custom and use these values to align with the values set in tunnel settings.

      1. Encryption - AES256

      2. Integrity/PRF - SHA1

      3. DH Group - DHGroup2

      4. IPsec Encryption - AES256

      5. IPsec Integrity - SHA1

      6. PFS Group - PFS2

      7. IPsec SA lifetime in KiloBytes - 102400000

      8. IPsec SA lifetime in seconds - 27000

  10. Go to Overview > Download configuration.

  11. Enter these:

    1. Device vendor - Generic Samples

    2. Device family - Device Parameters

    3. Firmware version - 1.0

  12. Click Download Configuration.

    The system downloads the configuration file.
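As an added example (not part of this page's own procedure), the following Azure CLI script performs the same connection, custom IPsec/IKE policy and status-check steps from the command line. The resource group, gateway and connection names are placeholders, the shared key is read from a PSK environment variable (an assumption of this script), and the lifetime ranges it checks are the ones Azure documents for the IPsec SA.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps on this page.
# Placeholders (assumed names): override them via the environment.
RG="${RG:-my-resource-group}"            # resource group holding both gateways
VNG_NAME="${VNG_NAME:-my-vnet-gateway}"  # virtual network gateway (Azure side)
LNG_NAME="${LNG_NAME:-my-local-gateway}" # local network gateway (your side)
CONN_NAME="${CONN_NAME:-azure-single-tunnel}"

# Validate the IPsec SA lifetimes before sending them to Azure.
# Assumed from Azure's documentation: 300..172799 seconds, 1024..2147483647 KB.
check_sa_lifetimes() {
    secs="$1"; kb="$2"
    [ "$secs" -ge 300 ] && [ "$secs" -le 172799 ] || return 1
    [ "$kb" -ge 1024 ] && [ "$kb" -le 2147483647 ] || return 1
    return 0
}

# Step "Basics"/"Settings": site-to-site connection between the two gateways.
# The PSK comes from the environment so it is never typed into a shell history.
create_connection() {
    [ -n "${PSK:-}" ] || { echo "PSK environment variable is not set" >&2; return 1; }
    az network vpn-connection create \
        --resource-group "$RG" --name "$CONN_NAME" \
        --vnet-gateway1 "$VNG_NAME" --local-gateway2 "$LNG_NAME" \
        --shared-key "$PSK"
}

# Step "Configuration": the custom IPsec/IKE policy from this page
# (IKE AES256/SHA1/DHGroup2, IPsec AES256/SHA1/PFS2, 27000 s / 102400000 KB).
apply_ipsec_policy() {
    check_sa_lifetimes 27000 102400000 || return 1
    az network vpn-connection ipsec-policy add \
        --resource-group "$RG" --connection-name "$CONN_NAME" \
        --ike-encryption AES256 --ike-integrity SHA1 --dh-group DHGroup2 \
        --ipsec-encryption AES256 --ipsec-integrity SHA1 --pfs-group PFS2 \
        --sa-lifetime 27000 --sa-max-size 102400000
}

# Verification: prints the connection status ("Connected" once the tunnel is up).
connection_status() {
    az network vpn-connection show --resource-group "$RG" --name "$CONN_NAME" \
        --query connectionStatus -o tsv
}

# Only talk to Azure when explicitly asked (AZ_RUN=1), so the file can be sourced safely.
if [ -n "${AZ_RUN:-}" ]; then
    create_connection && apply_ipsec_policy && connection_status
fi
```

Run it with `AZ_RUN=1 PSK='...' sh create-azure-tunnel.sh` after `az login`; the values passed to `ipsec-policy add` must match the Advanced Settings you enter on the tunnel side in Step 2.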

Step 2 - Creating the Tunnel in the

  1. To automatically populate the tunnel configuration values, in the General Settings section, click Upload File and upload the configuration file downloaded from the Azure Management Portal.

  2. For manual configuration, in the General Settings section, enter these:

    1. Name - Name of the tunnel.

    2. Shared Secret - Shared secret you set in the Azure Management Portal.

    3. Public IP - Public IP address of the Azure Virtual network gateway.

    4. Remote ID - Remote ID of Azure Virtual network gateway.

    5. Perimeter 81 Gateway Proposal Subnets - Any (0.0.0.0/0).

    6. Remote Gateway Proposal Subnets - Any (0.0.0.0/0).

  3. To enter the details in the Advanced Settings section, open the configuration file downloaded from the Azure Management Portal and refer to the [2] IPsec/IKE parameters section.

  4. Enter the information for your tunnel type:

  5. Click Add Tunnel.

Verifying the VPN Connection in the Azure Management Portal

  1. Access the Azure Management Portal and go to your Virtual Network Gateway page.

  2. Go to Settings and click Connections.

  3. In the connection you created, click the Overview tab.

    Make sure that the Status is Connected and that there is data coming in (Data in) and going out (Data out).