Your local firewall may support only IKEv1 VPNs. This is common with Meraki devices. In this case you will need to create a policy-based VPN in the Azure portal. A policy-based VPN in Azure has three main components, each of which must be created in the Azure portal: the Virtual Network Gateway, the Local Network Gateway and the Connection.
If you will only utilize the IKEv1 protocol for VPN connections to Nerdio for Azure and do not need to see status in Nerdio, DO NOT enable the “VPN Connections & On-Ramp Regions” option under the NAP’s Network Module inside the VPN Connections settings.
If this has been enabled (shown below), please follow these steps to prepare to add an IKEv1-capable tunnel.
- Log in to the Azure Portal with your administrative account
- Under Home > Resource Groups > (Your Resource Group) > Overview you will find a list of resources for your Azure Resource Group
- Check and Delete the “VPNGateway(x)”
Creating a New Virtual Network Gateway
- Log in to the Azure Portal with your administrative account
- Under Home > Resource Groups > (Your Resource Group) > Overview you will find a list of resources for your Azure Resource Group
- In the overview you will find an “Add” button, click this to open the Marketplace
- Search for “Virtual Network Gateway” and click “Create”
- This will bring you to the “Create Virtual Network Gateway” screen
Note: Ensure that the Region matches your existing Virtual Network Region. If these do not match, you will not be able to select your existing Virtual Network resource.
Please complete the Virtual Network Gateway configuration with all required information, using the options shown above. Ensure that the VPN Type is set to “Policy-Based”. You will also have the option to create a new Public IP address or use an existing one. If a Public IP address resource is already available, you can use this if preferred. In this case, we chose to “Create New”. You will be given this IP address later.
- Click “Review + Create” to complete the Virtual Network Gateway creation
Note: The creation of a Virtual Network Gateway can take 30-60 minutes to complete.
Creating a Local Network Gateway
- Log in to the Azure Portal with your administrative account
- Under Home > Resource Groups > (Your Resource Group) > Overview you will find a list of resources for your Azure Resource Group
- In the overview you will find an “Add” button, click this to open the Marketplace
- Search the Marketplace for “Local Network Gateway” and click “Create”
- Configure the Local Network Gateway settings to match those of your local Network.
Please Note: IP Address refers to your local public address. Ensure that you’ve assigned the Local Network Gateway to the proper Resource Group.
- Once complete, click “Create”. This should complete shortly.
Creating a Connection
- Log in to the Azure Portal with your administrative account
- Under Home > Resource Groups > (Your Resource Group) > Overview you will find a list of resources for your Azure Resource Group
- In the overview you will find an “Add” button, click this to open the Marketplace
- Search for “Connection” and click “Create”
- Complete the Connection creation
- Step 1 Basics: Connection Type must be set to Site-to-site (IPsec)
- Step 2 Settings: Choose the Nerdio Virtual Network Gateway that was previously created.
- Choose the Local Network Gateway that was previously created.
- Name the Connection and set a Shared Key (PSK)
- Click “Ok” to review the Connection Summary and “OK” again to create.
The VPN is now configured in the Azure Portal. Please configure your local firewall to connect to the Azure VPN using the settings you’ve provided in these steps.
After the policy-based VPN has been completed in Azure and the NAP has refreshed, you will be able to monitor the status of the VPN tunnel in the Network Module of the NAP under VPN Connections, but you will only be able to make changes via the Azure portal.
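The three portal steps above (Virtual Network Gateway, Local Network Gateway, Connection) expressed with the Azure CLI, as an added example that is not part of the original article or Nerdio's tooling. All resource names and addresses, the AZ and PSK environment variables, the Basic gateway SKU, and an already existing public IP resource and gateway subnet are assumptions.

```shell
#!/bin/sh
# Added example, not Nerdio's or Microsoft's script. Names and addresses are
# constructed placeholders. Dry run by default (commands are only printed);
# set AZ=az to execute them against your subscription.
AZ="${AZ:-echo az}"
RG="${RG:-example-rg}"                            # existing resource group
LOCATION="${LOCATION:-eastus}"                    # must match the virtual network's region
VNET="${VNET:-example-vnet}"                      # existing virtual network
PUBLIC_IP="${PUBLIC_IP:-example-vpn-pip}"         # existing public IP resource
ONPREM_IP="${ONPREM_IP:-203.0.113.10}"            # local firewall's public address
ONPREM_PREFIX="${ONPREM_PREFIX:-192.168.10.0/24}" # local network range

create_vnet_gateway() {   # $1 = gateway name
    # --vpn-type PolicyBased corresponds to the portal's "Policy-Based" VPN Type.
    $AZ network vnet-gateway create \
        --resource-group "$RG" --name "$1" --location "$LOCATION" \
        --vnet "$VNET" --public-ip-addresses "$PUBLIC_IP" \
        --gateway-type Vpn --vpn-type PolicyBased --sku Basic
}

create_local_gateway() {  # $1 = local network gateway name
    $AZ network local-gateway create \
        --resource-group "$RG" --name "$1" --location "$LOCATION" \
        --gateway-ip-address "$ONPREM_IP" \
        --local-address-prefixes "$ONPREM_PREFIX"
}

create_connection() {     # $1 = connection, $2 = vnet gateway, $3 = local gateway
    # The shared key is read from the environment so it is not stored in the script.
    : "${PSK:?set PSK to the shared key configured on the local firewall}"
    $AZ network vpn-connection create \
        --resource-group "$RG" --name "$1" --location "$LOCATION" \
        --vnet-gateway1 "$2" --local-gateway2 "$3" --shared-key "$PSK"
}

# Run all three steps in order only when invoked with "apply" as first argument.
if [ "${1:-}" = "apply" ]; then
    create_vnet_gateway example-vpn-gw
    create_local_gateway example-onprem-lgw
    create_connection example-s2s example-vpn-gw example-onprem-lgw
fi
```

In dry-run mode the shared key is printed as part of the command line, so use a throwaway value for PSK until running with AZ=az.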