GoodAccess Website Request Free Trial Download App

Microsoft Azure

This guide will show you how to connect your Microsoft Azure cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

PreviousGoogle Cloud NextOther Public Cloud providers

Last updated 2 months ago

Was this helpful?

Microsoft Azure

This guide will show you how to connect your Microsoft Azure cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Prerequisites

You need a virtual network gateway in Azure. If you don't have one, .

Step 1 - Creating a new cloud connection

Click + Add new, enter the Cloud name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Cloud at any time.

Example of configuration:

Cloud/Branch subnet - Subnet of your Azure virtual network gateway
Shared Secret - Create a new strong password
Public IP - IP of your Azure virtual network gateway
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048 (PFS2048)

Step 2 - Creating a new local network gateway

Set the configuration as follows:

Endpoint - IP address
IP address - IP of your GoodAccess Gateway
Address spaces - Subnet of your GoodAccess Gateway

The remaining settings are up to you.

Click Review + create and then Create.

Step 3 - Creating a new connection

Go to Virtual network gateways (you can use the searchbar), and select your virtual network gateway.

Go to Connections, click + Add, and set the configuration as follows:

Connection type - Site-to-site (IPsec)

The remaining settings are up to you.

Click Next : Settings >, and set the configuration as follows:

Virtual network gateway - Choose from the dropdown
Local network gateway - Choose from the dropdown
IKE Protocol - IKEv2
IPsec / IKE policy - Custom
IPsec SA lifetime in seconds - Tunnel Lifetime (Phase 2)
DPD timeout in seconds - Dead Peer Detection Delay

The remaining settings are up to you.

Click Review + create, and then Create.

You have now successfully connected your Azure resources to GoodAccess.

Firewall rules

Make sure you allow connections from your GoodAccess Gateway private subnet to the resources in your Virtual Network (VNet) (e.g., virtual machines, databases, etc.).

Depending on your Azure security setup, you may need to allow this communication in:

Network Security Groups (NSGs)
Azure Firewall

You may check the status of the connection in:

GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Azure - Virtual network gateway > Connections

PreviousGoogle Cloud NextOther Public Cloud providers

Last updated 2 months ago

Was this helpful?

Prerequisites

You need a virtual network gateway in Azure. If you don't have one, .

Step 1 - Creating a new cloud connection

Click + Add new, enter the Cloud name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Cloud at any time.

Example of configuration:

Cloud/Branch subnet - Subnet of your Azure virtual network gateway
Shared Secret - Create a new strong password
Public IP - IP of your Azure virtual network gateway
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048 (PFS2048)

Step 2 - Creating a new local network gateway

Set the configuration as follows:

Endpoint - IP address
IP address - IP of your GoodAccess Gateway
Address spaces - Subnet of your GoodAccess Gateway

The remaining settings are up to you.

Click Review + create and then Create.

Step 3 - Creating a new connection

Go to Virtual network gateways (you can use the searchbar), and select your virtual network gateway.

Go to Connections, click + Add, and set the configuration as follows:

Connection type - Site-to-site (IPsec)

The remaining settings are up to you.

Click Next : Settings >, and set the configuration as follows:

Virtual network gateway - Choose from the dropdown
Local network gateway - Choose from the dropdown
Shared key (PSK) - Shared Secret
IKE Protocol - IKEv2
IPsec / IKE policy - Custom
IKE Phase 1 & 2 - Must match configuration from GoodAccess
IPsec SA lifetime in seconds - Tunnel Lifetime (Phase 2)
DPD timeout in seconds - Dead Peer Detection Delay

The remaining settings are up to you.

Click Review + create, and then Create.

You have now successfully connected your Azure resources to GoodAccess.

Firewall rules

Make sure you allow connections from your GoodAccess Gateway private subnet to the resources in your Virtual Network (VNet) (e.g., virtual machines, databases, etc.).

Depending on your Azure security setup, you may need to allow this communication in:

Network Security Groups (NSGs)
Azure Firewall

You may check the status of the connection in:

GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Azure - Virtual network gateway > Connections