Upgrading The IPsec/IKE Policy To The Azure Site-To-Site VPN Connection Using The PowerShell Command

Introduction

 
Many industries use Microsoft Azure to deploy their servers and services and to get high-performance, reliable services.
 
The IPsec and IKE protocol standard supports a wide range of cryptographic algorithms in various combinations. IKEv1 connections are allowed for Basic SKUs only, and IKEv2 connections are allowed for all VPN gateway SKUs. The IKEv2 protocol allows higher-standard VPN algorithms and key values.
 
In this article, we are going to learn how to configure an IPsec/IKE policy for site-to-site (S2S) VPN connections using the PowerShell ISE.
 
Step 1
 
Before upgrading the connection, verify that the following resources are configured in the Azure portal.
  • Virtual Network
  • Gateway subnet
  • VPN Gateway
  • Local Network Gateway
  • VPN connection
If you have not configured the VPN setup yet, please follow this link to learn about Implementing Azure Site To Site VPN.
 
Step 2
 
In the Azure Portal, go to the correct “Resource group” and then open the “VPN Connection”.
 
 
Step 3
 
Find the correct values to enter in the PowerShell script.
 
  • $RG1 = Resource Group Name – Copy the Resource Group Name “Site-1”
  • $connection1 = VPN Connection Name – Copy the VPN Connection Name “Site1-to-Site2”
  • $connection2 = Get the VPN Connection to assign the parameters
  • $ipsecpolicy1 = Assigning the IKEv2/IPsec Parameters
  • $connection2.SharedKey = VPN Connection Pre-Shared Key Information – Copy the Shared Key
  • $connection2.IpsecPolicies = Verify the Connection Status
Step 4
 
Define the parameters according to the customer’s requirement.
    # Resource group and VPN connection names (values from Step 3)
    $RG1 = "Site-1"
    $connection1 = "Site1-to-Site2"
    # Read the existing connection object
    $connection2 = Get-AzureRmVirtualNetworkGatewayConnection -Name $connection1 -ResourceGroupName $RG1

    # Build the IKEv2/IPsec policy
    $ipsecpolicy1 = New-AzureRmIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup2 -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup PFS2 -SALifeTimeSeconds 28800 -SADataSizeKilobytes 102400000
    # Pre-shared key of the existing connection
    $connection2.SharedKey = "asd@@123456@@asd"

    # Apply the policy, then re-read the connection and display the policy
    Set-AzureRmVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection2 -IpsecPolicies $ipsecpolicy1
    $connection2 = Get-AzureRmVirtualNetworkGatewayConnection -Name $connection1 -ResourceGroupName $RG1
    $connection2.IpsecPolicies
Step 5
 
Connect to Azure from the PowerShell ISE: type Connect-AzureRmAccount and then click Run Selection (F8). In the Credentials dialog box, enter your email address and password.
 
 
Step 6
 
Now verify that you are successfully logged in to Azure and that the correct “Subscription” is selected. If the subscription is wrong, select the correct one using the following command: Select-AzureRmSubscription "Subscription Name"
 
 
Step 7
 
Run the commands defined in Step 4 one at a time.
 
 
Step 8
 
Run the “Set-AzureRmVirtualNetworkGatewayConnection” command to apply the IPsec/IKEv2 parameters. When you run the command, the Overwrite confirmation dialog box will appear; hit Yes to apply the parameters.
 
 
Step 9
 
Now we can verify that the connection has been upgraded to the new parameters by re-reading the connection and printing $connection2.IpsecPolicies (the last two commands from Step 4).
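
One way to check the Step 9 output against the values chosen in Step 4, as an added example that is not part of the original article. Test-IpsecPolicyDrift and the weak-group list are hypothetical, and the sample policy object is constructed to mirror the properties that $connection2.IpsecPolicies prints. DHGroup2 and PFS2 are 1024-bit MODP groups, so the check reports them under the stated assumption that groups of 1024 bits or less count as weak.

```powershell
# Added example (not from the article). Test-IpsecPolicyDrift is a hypothetical helper.
function Test-IpsecPolicyDrift {
    param(
        [Parameter(Mandatory)] $Policy,               # one entry of $connection2.IpsecPolicies
        [Parameter(Mandatory)] [hashtable] $Expected  # values given to New-AzureRmIpsecPolicy
    )
    $findings = @()

    # 1. Each intended value must match what the gateway connection reports.
    foreach ($name in $Expected.Keys) {
        $actual = $Policy.$name
        if ("$actual" -ne "$($Expected[$name])") {
            $findings += "MISMATCH ${name}: expected '$($Expected[$name])', found '$actual'"
        }
    }

    # 2. Assumption: groups of 1024 bits or less (and no group at all) count as weak.
    $weakGroups = 'None', 'DHGroup1', 'DHGroup2', 'PFS1', 'PFS2'
    foreach ($name in 'DhGroup', 'PfsGroup') {
        if ($weakGroups -contains "$($Policy.$name)") {
            $findings += "WEAK ${name}: '$($Policy.$name)' should be replaced with a stronger group"
        }
    }
    $findings
}

# Intended values, as passed to New-AzureRmIpsecPolicy in Step 4.
$expected = @{
    IkeEncryption = 'AES256'; IkeIntegrity = 'SHA256'; DhGroup = 'DHGroup2'
    IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'; PfsGroup = 'PFS2'
    SALifeTimeSeconds = 28800; SADataSizeKilobytes = 102400000
}

# Constructed sample standing in for the live object, so the script runs offline.
# Live use: $applied = $connection2.IpsecPolicies[0]
$applied = [pscustomobject]@{
    SALifeTimeSeconds = 28800; SADataSizeKilobytes = 102400000
    IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'
    IkeEncryption = 'AES256'; IkeIntegrity = 'SHA256'
    DhGroup = 'DHGroup2'; PfsGroup = 'PFS2'
}

$report = @(Test-IpsecPolicyDrift -Policy $applied -Expected $expected)
if ($report.Count -eq 0) { 'Policy matches the intended values.' } else { $report }
```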
 
 

Summary

 
In this article, we have learned how to upgrade the VPN Connection parameters using the PowerShell commands. In our next article, we will learn how to configure the VPN Connection parameters using the Azure Portal.

