Connecting Untangle NGFW To Azure VPN Gateway via IPsec IKEv2

Overview

You can connect your Untangle NG Firewall networks to your Microsoft Azure networks using IPsec VPN tunnels. This is possible using either the Azure VPN Gateway or the Untangle NG Firewall for Azure public cloud. This article describes configuring an IPsec tunnel using IKEv2 between Untangle NG Firewall and the Azure VPN Gateway.

Azure VPN Gateway Configuration

Create a Virtual Network Gateway

In your Azure Management Portal, create a resource of type Virtual Network Gateway.
Configure the following essential parameters:

Gateway type: VPN
VPN type: Route-based
Virtual network: Select an existing network or create one
Public IP address: Select an existing public IP or create one


Shared key (PSK): Enter a private key that must be shared with the remote IPsec gateway.
IKE Protocol: IKEv2


Untangle NG Firewall IPsec Configuration

Configure the VPN Server

In the IPsec VPN app, navigate to the VPN Config tab and Enable the L2TP/Xauth/IKEv2 server.

Add an IPsec Tunnel

In the IPsec Tunnels tab, click add to configure a tunnel with your Azure VPN Gateway.
Configure the following essential parameters:

Connection Type: Tunnel
IKE Version: IKEv2
Connect Mode: Always Connected
Interface: Your external interface
Remote Host: The Internet IP address of your Azure VPN Gateway
Local Identifier: The Internet IP address of your NG Firewall host
Remote Identifier: The Internet IP address of your Azure VPN Gateway
Local Network: The local subnets you want to add to the VPN tunnel
Remote Network: The remote subnets in your Azure virtual network that you want to add to the VPN tunnel
Shared Secret: The shared key value you entered into the Azure VPN Connection.  
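
A preflight check for the parameters listed above, as an added example that is not part of the original article or of either product. The dictionary keys are hypothetical names for the fields in the two configuration screens, and all addresses and the key are constructed sample values.

```python
import hmac
import ipaddress

# Constructed sample values; the dictionary keys are hypothetical names for
# the fields shown in the two configuration screens.
AZURE = {"ike_protocol": "IKEv2", "public_ip": "203.0.113.10",
         "vnet_prefixes": ["10.0.0.0/16"], "shared_key": "constructed-sample-psk"}
NGFW = {"ike_version": "IKEv2", "remote_host": "203.0.113.10",
        "local_identifier": "198.51.100.20", "remote_identifier": "203.0.113.10",
        "local_networks": ["192.168.1.0/24"], "remote_networks": ["10.0.1.0/24"],
        "shared_secret": "constructed-sample-psk"}


def check_tunnel(ngfw, azure):
    """Return a list of mismatches between the two tunnel definitions."""
    problems = []
    # Both ends must use IKEv2, as configured in this article.
    if ngfw["ike_version"] != "IKEv2" or azure["ike_protocol"] != "IKEv2":
        problems.append("IKE version is not IKEv2 on both sides")
    # Remote Host and Remote Identifier are both the Azure gateway public IP.
    gateway = ipaddress.ip_address(azure["public_ip"])
    for field in ("remote_host", "remote_identifier"):
        if ipaddress.ip_address(ngfw[field]) != gateway:
            problems.append(f"{field} is not the Azure gateway public IP")
    # The shared secret must be identical; stray whitespace from copy and
    # paste is a common cause of a mismatch.
    secret, key = ngfw["shared_secret"], azure["shared_key"]
    if secret != secret.strip() or key != key.strip():
        problems.append("shared secret has leading or trailing whitespace")
    if not hmac.compare_digest(secret.encode(), key.encode()):
        problems.append("shared secret differs between the two sides")
    # Each Remote Network must lie inside the Azure virtual network.
    vnet = [ipaddress.ip_network(n) for n in azure["vnet_prefixes"]]
    local = [ipaddress.ip_network(n) for n in ngfw["local_networks"]]
    remote = [ipaddress.ip_network(n) for n in ngfw["remote_networks"]]
    for r in remote:
        if not any(r.version == v.version and r.subnet_of(v) for v in vnet):
            problems.append(f"remote network {r} is outside the virtual network")
    # Overlapping local and remote ranges cannot be routed unambiguously.
    for loc in local:
        problems += [f"local {loc} overlaps remote {r}"
                     for r in remote if loc.overlaps(r)]
    return problems


if __name__ == "__main__":
    for line in check_tunnel(NGFW, AZURE) or ["tunnel definitions are consistent"]:
        print(line)
```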


Verify the Connection

After you configure the tunnel on both gateways you can view the connection status. If the tunnels connect, the status shows Connected (Azure) or Active (Untangle NG Firewall). If the local network configuration is correct, you can ping between hosts on the internal networks.


Note: Ensure that your Azure Network security groups do not prevent access from the remote networks behind your NG Firewall.
