Introduction
In our previous article we learned how to upgrade the IPsec/IKE policy of an Azure Site-to-Site VPN connection using PowerShell. In this article, we are going to learn how to configure an IPsec/IKE policy for site-to-site (S2S) VPN connections using the Azure Portal.
Step 1
Before upgrading the connection, please verify that the following resources are configured in the Azure portal.
- Virtual Network
- Gateway subnet
- VPN Gateway
- Local Network Gateway
- VPN connection
If you have not configured the VPN setup yet, please follow this link to learn about Implementing Azure Site To Site VPN.
Step 2
In the Azure Portal, go to the correct “Resource group” and then open the “VPN Connection”.
In this demo, our connection name is “Site2-to-Site1”.
Step 3
Make sure that the connection is up and running without any issue.
Step 4
Go to “Configuration” under Settings.
Step 5
In the Configuration settings, set the IPsec / IKE policy to “Custom”. We can now enter the IKE Phase 1 and IKE Phase 2 (IPsec) parameters.
Click here to learn more details about supported cryptographic algorithms and key strengths.
Step 6
Now we are going to enter the parameters for IKE Phase 1 and IKE Phase 2 (IPsec). In this demo we are going to enter the parameters below.
- IKE Phase 1
  - Encryption – AES256
  - Integrity/PRF – SHA256
  - DH Group – DHGroup2
- IKE Phase 2 (IPsec)
  - IPsec Encryption – AES256
  - IPsec Integrity – SHA256
  - PFS Group – PFS2
  - IPsec SA lifetime in KiloBytes – 102400000
  - IPsec SA lifetime in seconds – 28800
Step 7
After entering the parameters, click “Save”.
Note
Policy-based Traffic Selectors are not supported in Azure Stack Hub.
Important
Once the IPsec/IKE policy is applied to the connection, the Azure VPN gateway will only send or accept the IPsec/IKE proposal with the specified cryptographic algorithms and key strengths on that particular connection. Make sure your on-premises VPN device for the connection uses or accepts the exact policy combination; otherwise the S2S VPN tunnel will not establish.
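Because the tunnel only comes up when both sides use the exact same combination, it helps to compare the saved policy field by field against what the on-premises device is configured with. The following PowerShell is an added example, not part of the original article: `Compare-IpsecPolicy` is a hypothetical helper, the sample policy object is constructed, and `<resource-group>` is a placeholder; the property names are those of the entries in the connection's `IpsecPolicies` list in Az.Network.

```powershell
# Values entered in Step 6; the on-premises device must use the same set.
$expected = [ordered]@{
    IkeEncryption       = 'AES256'
    IkeIntegrity        = 'SHA256'
    DhGroup             = 'DHGroup2'
    IpsecEncryption     = 'AES256'
    IpsecIntegrity      = 'SHA256'
    PfsGroup            = 'PFS2'
    SADataSizeKilobytes = 102400000
    SALifeTimeSeconds   = 28800
}

# Hypothetical helper: one row per parameter, comparing expected and actual.
function Compare-IpsecPolicy {
    param(
        [Parameter(Mandatory)] $Actual,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Parameter = $name
            Expected  = $Expected[$name]
            Actual    = $Actual.$name
            # Compare as strings so enum, string and integer values all work.
            Match     = "$($Actual.$name)" -eq "$($Expected[$name])"
        }
    }
}

# Constructed sample in the shape of an IpsecPolicies entry; PfsGroup was
# deliberately left at 'None' to show a mismatch being reported.
$policy = [pscustomobject]@{
    IkeEncryption = 'AES256'; IkeIntegrity = 'SHA256'; DhGroup = 'DHGroup2'
    IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'; PfsGroup = 'None'
    SADataSizeKilobytes = 102400000; SALifeTimeSeconds = 28800
}

# Against the live connection (Az.Network, signed-in session), use instead:
# $conn   = Get-AzVirtualNetworkGatewayConnection -Name 'Site2-to-Site1' `
#               -ResourceGroupName '<resource-group>'
# $policy = $conn.IpsecPolicies | Select-Object -First 1

$report = @(Compare-IpsecPolicy -Actual $policy -Expected $expected)
$report | Format-Table -AutoSize
if ($report.Match -contains $false) {
    Write-Warning 'Policy differs from the expected set; the S2S tunnel will not establish until both sides agree.'
}
```

If `IpsecPolicies` is empty, the connection is still on the default policy and no custom policy has been saved.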
Summary
In this article, we have learned how to upgrade the VPN Connection parameters using the Azure Portal. In our previous article we learned to upgrade the VPN Connection parameters using the PowerShell commands. If you have any questions feel free to contact me.