We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall F
Barracuda NextGen Firewall F

How to Configure an IKEv1 IPsec Site-to-Site VPN to the Static Microsoft Azure VPN Gateway

  • Last updated on

You can configure your local Barracuda NextGen Firewall F-Series to connect to the static IPsec VPN gateway service in the Windows Azure cloud using an IKEv1 IPsec VPN tunnel.

Azure_VPN_Gateway.png

Before you Begin

  • Create and configure a Windows Azure static VPN Gateway for your virtual network.
  • You will need the following information:
    • VPN Gateway
    • External IP address for the Barracuda NextGen Firewall F-Series
    • Remote and local networks.

Step 1. Create a Network in the Windows Azure Cloud

Create a virtual Network in the Windows Azure cloud. Choose subnets which are not present in your local networks to avoid IP address conflicts.

  1. Log into your Windows Azure Management Portal (https://manage.windowsazure.com[1]).
  2. In the left pane click NETWORKS.
    azVPN01.png
  3. In the bottom left corner click + NEW.
  4. Click CUSTOM CREATE. The create a virtual network windows opens.
  5. Enter the Name for the network.
  6. Select an affinity group or create a new affinity group.
  7. Click NEXT AzureNextArrow.png.
    azVPN02.png
  8. (optional) Enter or select a DNS server. 
  9. In the right panel enable Configure site-to-site VPN.
  10. Select Specify a New Local Network from the LOCAL NETWORK drop down.
    azVPN03.png
  11. Click Next AzureNextArrow.png.
  12. Enter a NAME for your local on-premises network.
  13. Enter the VPN DEVICE IP ADDRESS. This is the external IP address of the Barracuda NextGen Firewall F-Series running the VPN service.
  14. In the ADDRESS SPACE section enter the on-premise network(s). E.g., 10.10.200.0/24
  15. Click Next AzureNextArrow.png.
    azVPN04.png
  16. In the Virtual Network Address Spaces section click add subnet:
    • Subnet – Enter a name for the subnet.
    • Starting IP – Enter the first IP of the IP Range for the subnet. E.g., 10.10.201.0
    • CIDR(ADDRESS COUNT) – Select the subnet mask from the list. E.g., /24 for 256 IP addresses.
  17. Click add gateway subnet:
    • Starting IP – Enter the first IP for the gateway subnet. E.g., 10.10.201.0
    • CIDR (ADDRESS COUNT) – Select the subnet mask from the list. E.g., /29 for 8 IP addresses.
      azVPN05.png
  18. Click OK AzureOK.png.

The Azure Virtual Network you have just created is now listed in the NETWORK menu in the Azure management interface.

Step 2. Create a VPN Gateway for the Windows Azure Network

Create the Azure VPN Gateway.

  1. Log into your Windows Azure Management Portal (https://manage.windowsazure.com[2]).
  2. In the left pane click NETWORKS.
    azVPN01.png
  3. Click on the Network previously created in Step 1.
    azVPN07.png
  4. in the top menu click on DASHBOARD.
  5. In the bottom pane, click CREATE GATEWAY.
    azVPN08.png
  6. Select Static Routing from the list. Creating the gateway will take a couple of minutes.

When the color of the gateway turns blue, the gateway has been successfully created. The Gateway IP is now displayed below the VPN Gateway image.

azVPN09.png

Step 3. Configure IPsec Site-to-Site VPN on the Barracuda NextGen Firewall F-Series

Create an active IPsec VPN connection on the local Barracuda NextGen Firewall F-Series.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > Site to Site.
  2. Click the IPSEC IKEv1 Tunnels tab.
  3. Click Lock.
  4. Right-click the table and select New IPsec IKEv1 tunnel. The IPsec Tunnel window opens.
  5. In the Name field, enter your tunnel name. E.g., NG2AzureVPNGateway
  6. In the Basics tab enter the Phase1 and Phase2 encryption settings:
    • Phase 1
      • Encryption – Select AES-256
      • Hash Meth. – Select SHA
      • DH Group – Select Group 2.
      • Lifetime – Enter 28800.
    • Phase 2
      • Encryption – Select AES-256.
      • Hash Meth. – Select SHA256.
      • Perfect Forward Secrecy – Disable.
      • Lifetime – Enter 3600
      Azure_ipsec01.png
  7. Configure the local network settings. Click the Local Networks tab and specify the following settings:
    • Local IKE GatewayEnter the external IP address of the Barracuda NextGen Firewall F-Series. E.g., 62.99.0.40
    • Network AddressEnter your local on-premise network and click Add.  E.g., 10.10.200.0/24
      Azure_ipsec02.png
  8. Configure the remote network settings. Click the Remote Networks tab and specify the following settings:
    • Remote IKE GatewayEnter the Gateway IP Address of the Azure VPN Gateway created in Step 2. E.g., 137.117.205.83
    • Network AddressEnter the Azure subnet(s) configured in the Azure Virtual Network and click Add. E.g., 10.10.201.0/24.
      Azure_ipsec03.png

    Click on the Peer Identification tab and enter the Azure MANAGE KEY passphrase.
    azVPN06.pngAzure_ipsec04.png

  9. Click OK.
  10. Click Send Changes and Activate.

Step 4. Create a Access Rule

Create a pass access rule to allow traffic from the local network to the remote network.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Firewall Rules.
  2. Create a PASS access rule:
    • Bi-Directional – Enable.
    • Source  – Select the local on-premise network(s). 
    • Service – Select the service you want to have access to the remote network or ALL for complete access. 
    • Destination – Select the network object containing the remote Azure Virtual Network subnet(s).
    • Connection Method – Select Original Source IP
    access_rule01.png
  3. Click OK.
  4. Move the access rule up in the rule list, so that it is the first rule to match this traffic.
  5. Click Send Changes and Activate.

Your Barracuda NextGen Firewall F-Series will now automatically connect to the Azure VPN Gateway.

azVPN10.png

Last updated on