Microsoft Azure

This guide will show you how to connect your Microsoft Azure cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Prerequisites

You need a virtual network gateway in Azure. If you don't have one, follow this tutorial by Microsoft.

Step 1 - Creating a new cloud connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Cloud name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Cloud at any time.

Example of configuration:

  • Cloud/Branch subnet - Subnet of your Azure virtual network gateway

  • Shared Secret - Create a new strong password

  • Public IP - IP of your Azure virtual network gateway

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048 (PFS2048)

Step 2 - Creating a new local network gateway

Log in to the Azure Portal, go to Local network gateways (you can use the search bar), and click + Create.

Set the configuration as follows:

  • Endpoint - IP address

  • IP address - IP of your GoodAccess Gateway

  • Address spaces - Subnet of your GoodAccess Gateway

The remaining settings are up to you.

Click Review + create and then Create.

[Screenshot: Creating a new local network gateway]
[Screenshot: Setting up a new local network gateway]

Step 3 - Creating a new connection

Go to Virtual network gateways (you can use the search bar), and select your virtual network gateway.

Go to Connections, click + Add, and set the configuration as follows:

  • Connection type - Site-to-site (IPsec)

The remaining settings are up to you.

Click Next : Settings >, and set the configuration as follows:

  • Virtual network gateway - Choose from the dropdown

  • Local network gateway - Choose from the dropdown

  • Shared key (PSK) - Shared Secret (Step 1)

  • IKE Protocol - IKEv2

  • IPsec / IKE policy - Custom

  • IKE Phase 1 & 2 - Must match configuration from GoodAccess (Step 1)

  • IPsec SA lifetime in seconds - Tunnel Lifetime (Phase 2)

  • DPD timeout in seconds - Dead Peer Detection Delay

The remaining settings are up to you.

Click Review + create, and then Create.

[Screenshot: Creating a new connection]
[Screenshot: Creating a new site-to-site connection]
[Screenshot: Setting up a new site-to-site connection]

You have now successfully connected your Azure resources to GoodAccess.

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • Azure - Virtual network gateway > Connections
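
A tunnel that fails to come up is most often caused by Phase 1/Phase 2 values that differ between the two sides. The Python script below is an added example, not part of the GoodAccess or Microsoft documentation: it translates the Step 1 example values into the corresponding Azure custom IPsec/IKE policy values for Step 3, lists any Azure setting that differs, and generates a random Shared Secret. The GoodAccess-side key names and all function names are hypothetical; the Azure-side names and values are the ones the Azure API uses.

```python
import secrets

# Step 1 form values (as written on this page) -> Azure API policy values.
# Only the values this example covers are listed.
ENC = {"aes128": "AES128", "aes256": "AES256"}
INTEG = {"sha1": "SHA1", "sha256": "SHA256"}
DH = {"modp1024": "DHGroup2", "modp2048": "DHGroup14"}
PFS = {"modp1024": "PFS2", "modp2048": "PFS2048"}
AZURE_IKE_LIFETIME = 28800  # Phase 1 lifetime is fixed on Azure VPN gateways

# The page's example configuration; key names are hypothetical.
GOODACCESS = {
    "ike_lifetime": 28800, "tunnel_lifetime": 3600, "dpd_delay": 30,
    "enc_p1": "aes256", "enc_p2": "aes256",
    "integ_p1": "sha256", "integ_p2": "sha256",
    "dh_p1": "modp2048", "dh_p2": "modp2048",
}

def _pick(table, value, label):
    if value not in table:
        raise ValueError(f"{label}: no Azure equivalent listed for {value!r}")
    return table[value]

def azure_settings_for(ga):
    """Translate Step 1 values into the Step 3 connection settings."""
    if ga["ike_lifetime"] != AZURE_IKE_LIFETIME:
        raise ValueError("IKE Lifetime (Phase 1) must be 28800 s to match Azure")
    return {
        "ikeEncryption": _pick(ENC, ga["enc_p1"], "Encryption (Phase 1)"),
        "ikeIntegrity": _pick(INTEG, ga["integ_p1"], "Integrity (Phase 1)"),
        "dhGroup": _pick(DH, ga["dh_p1"], "Diffie-Hellman (Phase 1)"),
        "ipsecEncryption": _pick(ENC, ga["enc_p2"], "Encryption (Phase 2)"),
        "ipsecIntegrity": _pick(INTEG, ga["integ_p2"], "Integrity (Phase 2)"),
        "pfsGroup": _pick(PFS, ga["dh_p2"], "Diffie-Hellman (Phase 2)"),
        "saLifeTimeSeconds": ga["tunnel_lifetime"],
        "dpdTimeoutSeconds": ga["dpd_delay"],
    }

def mismatches(ga, azure):
    """Names of Azure settings that differ from what Step 1 requires."""
    want = azure_settings_for(ga)
    return sorted(k for k in want if azure.get(k) != want[k])

def new_shared_secret(nbytes=32):
    """Random Shared Secret for Step 1 / Shared key (PSK) in Step 3."""
    return secrets.token_urlsafe(nbytes)

if __name__ == "__main__":
    entered = dict(azure_settings_for(GOODACCESS), pfsGroup="None")  # constructed
    print(mismatches(GOODACCESS, entered))
```
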
