Cloud Edge Secure Access Getting Started Guide
Microsoft Azure
This article describes how to establish a Site-To-Site IPSec VPN connection between your Azure server and SonicWall Cloud Edge network. Please follow the steps below:
Creating a gateway subnet
- In your Azure Management Portal, navigate to Virtual networks.
- Select the name of the Virtual Network for which you'd like to create a gateway.
- Under the Settings section of your VNet page, select Subnets.
- Select + Gateway subnet (the name of the subnet is filled in with the value "Gateway subnet" by default).
- If needed, adjust the auto-filled Address range values to match your configuration requirements. If this range is not automatically filled in:
  - Go to Address space -> + Add.
  - Select a random subnet range with a /27 mask (for example, 10.1.255.0/27).
Creating a virtual network gateway
- On the left side of the portal page, select + and type Virtual Network Gateway in the Search line.
- Locate and select the Virtual network gateway.
- Select Create.
- Fill in the fields with the following information:
  - Name: Your gateway name.
  - Region/Location: The location/region of your virtual network, where your resources are.
  - Gateway type: Select VPN.
  - VPN type: Select Route-based.
  - SKU: Select the gateway SKU from the dropdown. The SKUs listed in the dropdown depend on the VPN type you select.
  - Virtual network: Select the Virtual network that contains the resources you want to reach via the tunnel. Select Virtual network to open the Choose a virtual network page. If you don't see your VNet, make sure the Location/Region field is pointing to the region in which your virtual network is located.
  - Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network. If you previously created a valid gateway subnet, this field will not appear.
  - Public IP address: This specifies the public IP address object that's associated with the VPN gateway. The public IP address is dynamically assigned to this object when the VPN gateway is created.
  - Enable active-active mode: Disabled.
  - Configure BGP ASN: Disabled.
- Select Review+create to begin creating the VPN gateway. It can take up to 45 minutes for the task to be completed.
Creating a local network gateway
- In the portal, select + Create a resource.
- In the search box, type "Local network gateway".
- Select Local network gateway, then select Create to open the Create local network gateway page.
- Fill in the fields with the following information:
  - Name: Your gateway name.
  - IP address: This is the public IP address of the VPN device that you want Azure to connect to. Specify your SonicWall Cloud Edge gateway IP.
  - Address Space: Insert your SonicWall Cloud Edge subnet (make sure that the ranges you specify here do not overlap with ranges of other networks that you want to connect to).
  - Subscription: Verify that the correct subscription is showing.
  - Resource Group: Select the resource group that you want to use. You can either create a new resource group or select one that you have already created.
  - Location: Select the location in which this object will be created. You may want to select the location in which your Virtual Network resides, but this is not a requirement.
  - SKU: Select the gateway SKU from the dropdown. The SKUs listed in the dropdown depend on the VPN you select.
- Select Create at the bottom of the page to create the local network gateway.
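A pre-flight check for the address plan used in the two sections above, as an added example that is not part of the SonicWall guide: it verifies that the gateway subnet lies inside the VNet address space and that the Cloud Edge subnet entered as the local network gateway Address Space does not overlap the Azure side. The function names and sample ranges are assumptions made for illustration, and treating anything smaller than the guide's /27 as a problem is this example's choice.

```python
import ipaddress


def _parse(label, cidr, problems):
    """Parse a CIDR strictly; host bits set (e.g. 10.1.255.1/27) is reported."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label} {cidr!r} is not a valid network: {exc}")
        return None


def check_address_plan(vnet_spaces, gateway_subnet, cloud_edge_subnets):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    vnets = [n for n in (_parse("VNet address space", c, problems)
                         for c in vnet_spaces) if n]
    edge = [n for n in (_parse("Cloud Edge subnet", c, problems)
                        for c in cloud_edge_subnets) if n]
    gw = _parse("gateway subnet", gateway_subnet, problems)

    if gw is not None:
        # The gateway subnet has to be carved out of the VNet's address space.
        if not any(gw.version == v.version and gw.subnet_of(v) for v in vnets):
            problems.append(f"gateway subnet {gw} is outside the VNet address space")
        # The guide's example is a /27; anything smaller is flagged (assumption).
        if gw.version == 4 and gw.prefixlen > 27:
            problems.append(f"gateway subnet {gw} is smaller than /27")

    # The local network gateway "Address Space" must not overlap the Azure side.
    for e in edge:
        for v in vnets:
            if e.version == v.version and e.overlaps(v):
                problems.append(f"Cloud Edge subnet {e} overlaps VNet range {v}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan; replace with your own ranges.
    for issue in check_address_plan(["10.1.0.0/16"], "10.1.255.0/27",
                                    ["10.255.0.0/16"]) or ["address plan OK"]:
        print(issue)
```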
Creating the IPSec tunnel connection
- Open your virtual network gateway page.
- On the sidebar, select All resources.
- Select the Virtual network gateway you created. Once it opens, go to Settings, select Connections, and then + Add.
- Fill in the fields with the following information:
  - Name: Your connection name.
  - Connection type: Select Site-to-site (IPSec).
  - Virtual network gateway: Since you are connecting from this gateway, this value (the IP you received from Azure) is fixed.
  - Local network gateway: The local network gateway (your SonicWall Cloud Edge network address) which you have just created is the fixed value.
  - Shared Key: The value here must match the value that you are using for your local on-premises VPN device.
  - The remaining values for Subscription, Resource Group, and Location are fixed as well.
- Select OK to create your connection.
SonicWall Cloud Edge Settings
- Open your SonicWall Cloud Edge Management Platform and go to the Network tab.
- Go to the gateway in your network from which you want to create the tunnel to Azure, select the three-dotted menu (...) beside it, and select Add Tunnel.
- Select IPSec Site-2-Site Tunnel and select Continue.
- Fill in the fields with the following information:
  - Name: Enter a name of your choice.
  - Shared Secret: Enter the same shared secret you set in the Azure Portal.
  - Public IP: Enter the Azure Virtual network gateway public IP.
  - Remote ID: Enter the Azure Virtual network gateway remote ID.
  - SonicWall Cloud Edge Gateway Proposal Subnets: Choose the proposed IP range.
  - Remote Gateway Proposal Subnets: Enter the Azure Virtual network gateway subnet/range.
Advanced Settings
- Enter the Advanced settings:
  - IKE Version: V2
  - IKE Lifetime: 1h
  - Tunnel Lifetime: 1h
  - Dead Peer Detection Delay: 10s
  - Dead Peer Detection Timeout: 30s
  - Encryption (Phase 1): aes256
  - Encryption (Phase 2): aes256
  - Integrity (Phase 1): sha1
  - Integrity (Phase 2): sha1
  - Diffie-Hellman Groups (Phase 1): 2
  - Diffie-Hellman Groups (Phase 1): 2
- Select Add Tunnel.
Verifying the VPN connection
- Go to the Azure Portal and select All Resources.
- Select the Virtual network gateway.
- Go to Connections.
- Select the connection you created.
- Under the Overview tab, make sure that the Status is Connected.