Introduction
Many industries use Microsoft Azure to deploy their servers and services for high performance and reliability.
The IPsec and IKE protocol standards support a wide range of cryptographic algorithms in various combinations. IKEv1 connections are allowed for Basic SKUs only, and IKEv2 connections are allowed for all VPN gateway SKUs. The IKEv2 protocol allows higher-standard VPN algorithms and key values.
In this article, we are going to learn how to configure an IPsec/IKE policy for site-to-site (S2S) VPN connections using the PowerShell ISE.
Step 1
Before upgrading the connection, please verify that the following are configured in the Azure portal.
- Virtual Network
- Gateway subnet
- VPN Gateway
- Local Network Gateway
- VPN connection
If you have not yet configured the VPN setup, please follow this link to learn about Implementing Azure Site To Site VPN.
Step 2
In the Azure Portal, go to the correct “Resource group” and then open the “VPN Connection”.
Step 3
Find the correct parameters to enter in the PowerShell script.
- $RG1 = Resource Group Name – Copy the Resource Group Name “Site-1”
- $connection1 = VPN Connection Name – Copy the VPN Connection Name “Site1-to-Site2”
- $connection2 = Get the VPN Connection to assign the parameters
- $ipsecpolicy1 = Assigning the IKEv2/IPsec Parameters
- $connection2.SharedKey = VPN Connection Pre-Shared Key Information – Copy the Shared Key
- $connection2.IpsecPolicies = Verify the Connection Status
Step 4
Define the parameters according to the customer’s requirement.
- $RG1 = "Site-1"
- $connection1 = "Site1-to-Site2"
- $connection2 = Get-AzureRmVirtualNetworkGatewayConnection -Name $connection1 -ResourceGroupName $RG1
- $ipsecpolicy1 = New-AzureRmIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup2 -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup PFS2 -SALifeTimeSeconds 28800 -SADataSizeKilobytes 102400000
- $connection2.SharedKey = "asd@@123456@@asd"
- Set-AzureRmVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection2 -IpsecPolicies $ipsecpolicy1
- $connection2 = Get-AzureRmVirtualNetworkGatewayConnection -Name $connection1 -ResourceGroupName $RG1
- $connection2.IpsecPolicies
Step 5
Connect to Azure using the PowerShell ISE: type Connect-AzureRmAccount and then click Run Selection (F8). In the Credentials dialog box, enter your email address and password.
Step 6
Now you can verify that you are successfully logged in to Azure. Make sure it's the correct “Subscription”. If the subscription is wrong, select the correct subscription using the following command: Select-AzureRmSubscription "Subscription Name"
Step 7
Run the following commands step by step
Step 8
Run the “Set-AzureRmVirtualNetworkGatewayConnection” command to apply the IPsec/IKEv2 parameters. When you run the command, the Overwrite confirmation dialog box will appear; hit Yes to apply the parameters.
Step 9
Now we can verify that the connection has been upgraded to the new parameters using the command below.
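To act on what the verification in Step 9 returns, the following added example (not part of the original article) flags weak or unexpected values in IPsec/IKE policy objects such as the entries of $connection2.IpsecPolicies. The function name Test-IpsecPolicyStrength, the weak-value baseline and the sample object are assumptions of this example; DHGroup2 and PFS2, as used in Step 4, are listed as weak because both are 1024-bit groups.

```powershell
# Added example: audit IPsec/IKE policy objects returned by the Step 9 check.
# The weak-value lists are this example's assumed baseline, not an Azure rule.
$WeakValues = @{
    IkeEncryption   = @('DES', 'DES3')
    IkeIntegrity    = @('MD5', 'SHA1')
    DhGroup         = @('None', 'DHGroup1', 'DHGroup2')   # 1024-bit MODP or smaller
    IpsecEncryption = @('None', 'DES', 'DES3')
    IpsecIntegrity  = @('MD5', 'SHA1')
    PfsGroup        = @('None', 'PFS1', 'PFS2')           # no PFS, or 1024-bit or smaller
}

function Test-IpsecPolicyStrength {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Policy,      # one entry of $connection2.IpsecPolicies
        [hashtable] $Expected = @{}          # values you intended to apply
    )
    $findings = @()
    # Flag any field whose value is on the weak list.
    foreach ($field in $WeakValues.Keys) {
        $value = [string]$Policy.$field
        if ($WeakValues[$field] -contains $value) {
            $findings += [pscustomobject]@{ Field = $field; Value = $value; Issue = 'Weak' }
        }
    }
    # Flag any field that differs from what was supposed to be applied.
    foreach ($field in $Expected.Keys) {
        $value = [string]$Policy.$field
        if ($value -ne [string]$Expected[$field]) {
            $findings += [pscustomobject]@{
                Field = $field; Value = $value; Issue = "Expected $($Expected[$field])"
            }
        }
    }
    return $findings
}

# Constructed sample mirroring the Step 4 policy; on a live connection pass
# each entry of $connection2.IpsecPolicies instead.
$sample = [pscustomobject]@{
    SALifeTimeSeconds = 28800; SADataSizeKilobytes = 102400000
    IkeEncryption = 'AES256'; IkeIntegrity = 'SHA256'; DhGroup = 'DHGroup2'
    IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'; PfsGroup = 'PFS2'
}
$intended = @{ IkeEncryption = 'AES256'; IkeIntegrity = 'SHA256'
               IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256' }
Test-IpsecPolicyStrength -Policy $sample -Expected $intended | Format-Table -AutoSize
```

An empty result means the policy matches the intended values and contains nothing from the weak list.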
Summary
In this article, we have learned how to upgrade the VPN connection parameters using PowerShell commands. In our next article, we will learn how to configure the VPN connection parameters using the Azure Portal.