Step by Step configuration of Site-Site VPN between Microsoft Azure and an on premises Firewall
Following are the network details which we use to configure the Site-Site VPN between SonicWall Firewall & Microsoft Azure.
On premise Resources with SonicWall.
· LAN N/W:192.168.1.0/24
· Public IP:x.x.x.x [Use your own Public IP]
Azure Site Network
· Virtual Network:10.0.0.0/16
· Gateway Subnet:10.0.10.0/27
· Public IP: x.x.x.x [Use Public IP Assiged by Azure ]
Below given are the configuration for implementing our site-to site VPN.
Starting with Azure Side.
- Login Azure Portal with your credentials. https://portal.azure.com.
3.Click on Add button for creating the custom virtual network.
Now we created the below configuration in the virtual Network.
o ResourceGroup: czone
o Name: czone_virtual_network
o IPv4 Address Space:10.0.0.0/16
4.We add Subnet in same window while we create the Virtual Network by “Add Subnet“ button as shown below.
We add the Name:production and Subnet 10.0.1.0/24 and Click “Add” Button.
After adding the Tag we click the Review + Create Button.
5.Add GatewaySubnet under virtual network which we have created.
Then we added GatewaySubnet 10.0.10.0/27 and Click on the SAVE button.
6.Create Virtual Network Gateway
Here we create our own name [AZUR_SWL_SITE-SITE], Gatewaytype , VPN type , select our virtual network and create Public IP address or use the one we created which will be using in the configuration of VPN connection in SonicWall.
We add appropriate tag and click the create button. It will take less than 45 minutes for creating the Virtual Network Gateway.
The Overview of Virtual Network Gateway which we have created is shown below.
7. Create a new local network gateway. Here we have given the public IP of the SonicWall and the local network. In our case the local network of the SonicWall is 192.168.1.0/24 and Public IP:x.x.x.x
Click on Add Button
Add our on premise firewall IP[we are configuring with SonicWall, LAN IP & Public IP Address.]
And then click Create.
8. Add Connection under Virtual Gateway which we have created and provide a secure shared key. This shared key will be used in the SonicWall [firewall]Configuration.
Click on Connections and Click Add button on the top. Enter the Name, connection type as Site-to-Site[IPSec] and select our Virtual Network gateway which we have created. Select our local network gateway, add shared Key and click OK.
- Add address object of Azure local network with Zone “VPN”.
2.Click Add option under VPN and select as below.
Policy Type: Tunnel Interface
Authentication Method: IKE using PreShared Secret
Name: Azure VPN[As your own]
Shared Secret: Add key which we have created in the Connections under Virtual Network Gateway.
IPSec Primary Gateway Name and Address: You can get it from Public IP resource or Virtual Network Gateway
Local IKE ID:On premise Public IP
Peer IKE ID: Azure Public IP[You can get it from Public IP resource or Virtual Network Gateway ]
Click on Proposals tab and add as below.
Add option in Advanced tab as below and click OK .
If everything works fine, you can see the green light visible under VPN option SonicWall. Here you can only connect from Azure to onpremise, for viceversa you have to add routing in the SonicWall.
3.For Adding Routing, Go to network option under SonicWall and click add button and then add below configuration according to your VPN .
Give name to Route Policy and Select the interface which we have created earlier [AzureVpn] and the Metric value depends upon your company network policy if other routing is available.
After all the above configurations are done, you created Site-Site VPN with Azure and SonicWall on premises.
- We created a Linux VM in Azure and try to ping from machine to our local on premise network as shown below.
2. Details shown below are from onpremised to Azure Linux VM private IP.
Thank you all for sparing your valuable time to read this article…!if you guys find this article as helpful,please do share it with your friends.