How to estatblish Site to Site IPSec VPN between NSG and Microsoft Azure?

Nebula_JasonNebula_Jason Zyxel Official Agent Posts: 50  mod
edited December 17, 2018 5:51PM in Configurations
Here is the example for the user who uses Zyxel NSG and Microsoft Azure wants to configure Site to Site VPN configuration.
It only has few simple steps to accomplish securitly VPN connection between two Cloud Management Platform!

Scenario:



Let's begin with the steps on NSG and Microsoft Azure!

For NSG: (Please note that NSG needs to have public IP, not behind NAT.)
1. Go to "GATEWAY > Configure > Site-to-Site VPN".
2. Select "Outgoing Interface" and "Local networks".
3. Click "Add" in Non-Nebula VPN peers section and configure "Name", "Public IP", "Private subnet" and "Preshared secret".
(10.10.0.4 is a pingable virtual machine in Azure network)

4. In IPsec policy, configure Preset as "Azure", the parameter of Phase 1 and 2 will be loaded by default for Microsoft Azure automatically.
5. Click "OK" and "Save" to apply when everything is done.

For Microsoft Azure:
1. Create Azure virtual network.
"Create a resource > Networking > Virtual network"
Configure required information.

2. Configure virtual network gateway.
"Create a resource > Networking > Virtual network gateway"

Gateway type = VPN
VPN type = Policy-based
Virtual network = Choose the virtual network you created.
Gateway subnet address range =  It is OK to use system default.
Public IP address = Create new with a customize name.


3. Configure Local network gateway.
"Create a resource > Networking > Local network gateway"


IP address = Your NSG Public IP
Address space =  The interface address you want to use VPN on NSG

4. Configure Site to Site VPN connection.
"All resources > Virtual network gateway(VPN-GW) > Connections > Add"


Connection type = Site-to-site(IPsec)
Local network gateway = Choose the local network gateway you created.
Shared key (PSK) = Configure key (Remember to be consistent with the configuration on NSG)


Verification:
On NSG, "GATEWAY > Monitor > VPN connection"

On PC(192.168.1.33) which is under NSG's LAN.

On Microsoft Azure, "All resources > Connection(NSG_Azure_VPN)"

On VM(Win10 PC) which is on Azure network.

Jason
Sign In to comment.