[NEBULA] How to establish Site to Site IPSec VPN between NSG and Microsoft Azure?
Zyxel_Jason
Posts: 395 Zyxel Employee
This example is for users of Zyxel NSG and Microsoft Azure who want to configure a Site-to-Site VPN.
It takes only a few simple steps to establish a secure VPN connection between the two cloud management platforms!
Scenario:
Let's begin with the steps on NSG and Microsoft Azure!
[For NSG] (Please note that the NSG needs to have a public IP address and must not be behind NAT.)
1. Go to Configure > Security gateway > Site-to-Site VPN.
2. Select "Outgoing Interface" and "Local networks".
3. Click "Add" in the Non-Nebula VPN peers section and configure the "Name", "Public IP", "Private subnet" and "Preshared secret" so that they match the peer device.
(10.10.0.4 is a pingable virtual machine in the Azure network.)
4. In IPsec policy, set Preset to "Azure policy-based"; the Phase 1 and Phase 2 parameters will be loaded with the default settings of Microsoft Azure.
5. Click "OK" and "Save" to apply when everything is done.
[For Microsoft Azure]
1. Create Azure virtual network.
"Create a resource > Networking > Virtual network"
Configure required information.
2. Configure virtual network gateway.
"Create a resource > Networking > Virtual network gateway"
Gateway type = VPN
VPN type = Policy-based
Virtual network = Choose the virtual network you created.
Gateway subnet address range = It is OK to use system default.
Public IP address = Create new with a custom name.
3. Configure Local network gateway.
"Create a resource > Networking > Local network gateway"
IP address = Your NSG Public IP
Address space = The address of the NSG interface you want to use the VPN on
4. Configure Site to Site VPN connection.
"All resources > Virtual network gateway(VPN-GW) > Connections > Add"
Connection type = Site-to-site(IPsec)
Local network gateway = Choose the local network gateway you created.
Shared key (PSK) = Configure the key (remember that it must be consistent with the configuration on the NSG)
Verification:
On the NSG side, go to "Monitor > Security gateway > VPN connections" to check the VPN status.
Run a ping test from a PC (192.168.1.33) on the NSG's LAN.
On the Microsoft Azure side, click "All resources > Connection(NSG_Azure_VPN)" to check the VPN status.
Run a ping test from the VM host (Win10 PC) on the Azure network.
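A pre-flight check for the values entered in the steps above, as an added example (not part of the original post and not Zyxel or Microsoft tooling): it verifies that the NSG WAN address is not a NAT address, that each side's description of the other's subnet matches, and that the pre-shared keys agree. The dictionary keys, the subnet masks, the documentation-range public IP, the sample key and the 20-character minimum are assumptions.

```python
import ipaddress

# RFC 1918 and RFC 6598 (carrier-grade NAT) ranges: a WAN address in any of
# these means the gateway sits behind NAT, which the NSG steps rule out.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
MIN_PSK_LEN = 20  # assumption: local policy, not a Zyxel or Azure limit


def preflight(nsg, azure):
    """Return a list of problems; an empty list means the two sides agree."""
    problems = []
    wan = ipaddress.ip_address(nsg["wan_ip"])
    if any(wan in r for r in NAT_RANGES):
        problems.append(f"NSG WAN {wan} is a private/CGNAT address (behind NAT)")
    if azure["local_gw_ip"] != nsg["wan_ip"]:
        problems.append("Azure local network gateway IP != NSG WAN IP")

    nsg_lan = ipaddress.ip_network(nsg["local_network"])
    az_vnet = ipaddress.ip_network(azure["vnet"])
    if nsg_lan.overlaps(az_vnet):
        problems.append(f"{nsg_lan} overlaps {az_vnet}")
    # Each side's description of the other must match what the other uses.
    if ipaddress.ip_network(nsg["peer_private_subnet"]) != az_vnet:
        problems.append("NSG 'Private subnet' does not match the Azure VNet")
    if ipaddress.ip_network(azure["local_gw_address_space"]) != nsg_lan:
        problems.append("Azure 'Address space' does not match the NSG local network")

    if nsg["psk"] != azure["psk"]:
        problems.append("pre-shared keys differ")
    if nsg["psk"] != nsg["psk"].strip():
        problems.append("pre-shared key has leading/trailing whitespace")
    if len(nsg["psk"]) < MIN_PSK_LEN:
        problems.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    return problems


# Constructed sample plan. 203.0.113.10 is a documentation address; the /24 and
# /16 masks are assumed around the page's 192.168.1.33 and 10.10.0.4 hosts.
NSG = {"wan_ip": "203.0.113.10", "local_network": "192.168.1.0/24",
       "peer_private_subnet": "10.10.0.0/16", "psk": "constructed-example-psk-0001"}
AZURE = {"local_gw_ip": "203.0.113.10", "vnet": "10.10.0.0/16",
         "local_gw_address_space": "192.168.1.0/24", "psk": "constructed-example-psk-0001"}

if __name__ == "__main__":
    for p in preflight(NSG, AZURE) or ["plan is consistent"]:
        print(p)
```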