Tags: Azure, Azure VPN Gateway, IKEv1, Meraki, Site2Site VPN, StrongSwan
Recently I have been trying to build a Site 2 Site IPsec VPN with an Azure VPN gateway and a Meraki MX firewall. Meraki started supporting (27th May 2019) IKEv2 in their beta firmware MX 15.13, but it's not stable.
Please check https://community.meraki.com/t5/Security-SD-WAN/Azure-VPN-IKEv2-intermittent/m-p/47688#M12029 and https://community.meraki.com/t5/Security-SD-WAN/IKEv2-support-on-MX-devices/m-p/48333#M12197
An Azure Policy Based VPN gateway (IKEv1) is OK, but it only supports one Site 2 Site VPN tunnel.
To overcome the issue, I have created one Ubuntu Server which works as the VPN gateway and added a user-defined route to route all VPN traffic via the Ubuntu Server.
A. Azure Configuration
1. Create a virtual machine. In my case I have created a VM with Ubuntu 18.04 LTS with the following specification
2. After creating the VM, go to VM > Networking > Network Interface and enable the IP forwarding setting.
3. In the NSG, make sure UDP/500 and UDP/4500 are allowed.
4. Create a route table. 192.168.100.0/24 is the remote subnet and 10.0.0.9 is the IP address of the Ubuntu Server.
5. Make sure you associate it with existing network/VNET
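
Steps 2 to 5 can also be scripted with the Azure CLI. This is an added example, not part of the original post: the resource group, NIC, NSG, VNet, subnet and route table names and the peer address 203.0.113.10 are placeholder assumptions, while 10.0.0.9 and 192.168.100.0/24 are the values from step 4. It limits the UDP/500 and UDP/4500 rules to the Meraki peer's public IP instead of allowing any source, and it only prints the commands unless `APPLY=1` is set.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of steps 2-5.
# All resource names below are placeholders (assumptions), override via env.
RG="${RG:-vpn-rg}"
NIC="${NIC:-ubuntu-vpn-nic}"
NSG="${NSG:-ubuntu-vpn-nsg}"
VNET="${VNET:-vnet1}"
SUBNET="${SUBNET:-default}"          # subnet whose traffic must reach the VPN
RT="${RT:-vpn-routes}"
PEER_IP="${PEER_IP:-203.0.113.10}"   # Meraki MX public IP (constructed, documentation range)
REMOTE_NET="192.168.100.0/24"        # remote subnet, from step 4
GW_IP="10.0.0.9"                     # Ubuntu VPN server, from step 4

# Dry run by default: print each command; execute only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

azure_vpn_setup() {
  # Step 2: let the NIC forward packets not addressed to itself.
  run az network nic update -g "$RG" -n "$NIC" --ip-forwarding true

  # Step 3: IKE (UDP/500) and NAT-T (UDP/4500), only from the VPN peer.
  prio=200
  for port in 500 4500; do
    run az network nsg rule create -g "$RG" --nsg-name "$NSG" -n "ike-udp-$port" \
      --priority "$prio" --direction Inbound --access Allow --protocol Udp \
      --source-address-prefixes "$PEER_IP" --destination-port-ranges "$port"
    prio=$((prio + 10))
  done

  # Step 4: send traffic for the remote subnet to the Ubuntu server.
  run az network route-table create -g "$RG" -n "$RT"
  run az network route-table route create -g "$RG" --route-table-name "$RT" \
    -n to-meraki --address-prefix "$REMOTE_NET" \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$GW_IP"

  # Step 5: associate the route table with the subnet.
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --route-table "$RT"
}

azure_vpn_setup
```

Review the printed commands first, then rerun with `APPLY=1` and your own resource names and peer IP.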