To start - we have a successful S2S VPN from our location to a 'Classic' Azure Virtual Network and it works great. I copied the working config on my firewall for the 'Classic' connection and changed the IPs to the new public IP address we received when we created ARM virtual network and get nothing. We were successfully able to create an ARM virtual network and bind it ARM VM. We use Sophos UTM applicances. Any help would be appreciated as this has been quite frustrating for us.
Here are the IPsec settings for the working tunnel -
Below is a copy of the JSON file we are using (sanitized). Tried with both Route based and Policy based and no luck.
{"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion": "1.0.0.0","parameters": {"location": {"type": "string","defaultValue": "West US","metadata": {"description": "Region where the resources will be deployed"
},"allowedValues": ["East US","East US 2","East Asia","West US","West Europe","Southeast Asia","South Central US","East US 2","Japan East","Japan West","Central US"
]
},"vpnType": {"type": "string","metadata": {"description": "Route based or policy based"
},"defaultValue": "PolicyBased","allowedValues": ["RouteBased","PolicyBased"
]
},"localGatewayName": {"type": "string","defaultValue": "localGateway","metadata": {"description": "Arbitrary name for gateway resource representing your local/on-prem gateway"
}
},"localGatewayIpAddress": {"type": "string","defaultValue": "74.87.XX.XX","metadata": {"description": "Public IP of your local/on-prem gateway"
}
},"localAddressPrefix": {"type": "string","defaultValue": "10.1.0.0/16","metadata": {"description": "CIDR block representing the address space of your local/on-prem network's Subnet"
}
},"virtualNetworkName": {"type": "string","defaultValue": "azureVnet","metadata": {"description": "Arbitrary name for the Azure Virtual Network"
}
},"azureVNetAddressPrefix": {"type": "string","defaultValue": "10.10.0.0/16","metadata": {"description": "CIDR block representing the address space of the Azure VNet"
}
},"subnetName": {"type": "string","defaultValue": "Subnet1","metadata": {"description": "Aribtrary name for the Azure Subnet"
}
},"subnetPrefix": {"type": "string","defaultValue": "10.10.1.0/24","metadata": {"description": "CIDR block for VM subnet, subset of azureVNetAddressPrefix address space"
}
},"gatewaySubnetPrefix": {"type": "string","defaultValue": "10.10.0.0/24","metadata": {"description": "CIDR block for gateway subnet, subsset of azureVNetAddressPrefix address space"
}
},"gatewayPublicIPName": {"type": "string","defaultValue": "azureGatewayIP","metadata": {"description": "Aribtary name for public IP resource used for the new azure gateway"
}
},"gatewayName": {"type": "string","defaultValue": "azureGateway","metadata": {"description": "Arbitrary name for the new gateway"
}
},"connectionName": {"type": "string","defaultValue": "Azure2Other","metadata": {"description": "Arbitrary name for the new connection between Azure VNet and other network"
}
},"sharedKey": {"type": "string","defaultValue": "XXXIamNotSharingWithYouXXX","metadata": {"description": "Shared key (PSK) for IPSec tunnel"
}
}
},"variables": {"vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]","gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/','GatewaySubnet')]","subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetName'))]","api-version": "2015-06-15"
},"resources": [
{"apiVersion": "[variables('api-version')]","type": "Microsoft.Network/localNetworkGateways","name": "[parameters('localGatewayName')]","location": "[parameters('location')]","properties": {"localNetworkAddressSpace": {"addressPrefixes": ["[parameters('localAddressPrefix')]"
]
},"gatewayIpAddress": "[parameters('localGatewayIpAddress')]"
}
},
{"apiVersion": "[variables('api-version')]","name": "[parameters('connectionName')]","type": "Microsoft.Network/connections","location": "[parameters('location')]","dependsOn": ["[concat('Microsoft.Network/virtualNetworkGateways/', parameters('gatewayName'))]","[concat('Microsoft.Network/localNetworkGateways/', parameters('localGatewayName'))]"
],"properties": {"virtualNetworkGateway1": {"id": "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('gatewayName'))]"
},"localNetworkGateway2": {"id": "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localGatewayName'))]"
},"connectionType": "IPsec","routingWeight": 10,"sharedKey": "[parameters('sharedKey')]"
}
},
{"apiVersion": "[variables('api-version')]","type": "Microsoft.Network/virtualNetworks","name": "[parameters('virtualNetworkName')]","location": "[parameters('location')]","properties": {"addressSpace": {"addressPrefixes": ["[parameters('azureVNetAddressPrefix')]"
]
},"subnets": [
{"name": "[parameters('subnetName')]","properties": {"addressPrefix": "[parameters('subnetPrefix')]"
}
},
{"name": "GatewaySubnet","properties": {"addressPrefix": "[parameters('gatewaySubnetPrefix')]"
}
}
]
}
},
{"apiVersion": "[variables('api-version')]","type": "Microsoft.Network/publicIPAddresses","name": "[parameters('gatewayPublicIPName')]","location": "[parameters('location')]","properties": {"publicIPAllocationMethod": "Dynamic"
}
},
{"apiVersion": "[variables('api-version')]","type": "Microsoft.Network/virtualNetworkGateways","name": "[parameters('gatewayName')]","location": "[parameters('location')]","dependsOn": ["[concat('Microsoft.Network/publicIPAddresses/', parameters('gatewayPublicIPName'))]","[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],"properties": {"ipConfigurations": [
{"properties": {"privateIPAllocationMethod": "Dynamic","subnet": {"id": "[variables('gatewaySubnetRef')]"
},"publicIPAddress": {"id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('gatewayPublicIPName'))]"
}
},"name": "vnetGatewayConfig"
}
],"gatewayType": "Vpn","vpnType": "[parameters('vpnType')]","enableBgp": "false"
}
}
]
}