Microsoft Azure
This guide will show you how to connect your Microsoft Azure cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.
Prerequisites
You need a virtual network gateway in Azure. If you don't have one, follow this tutorial by Microsoft.
Step 1 - Creating a new cloud connection
Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.
Click + Add new, enter the Cloud name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
You may return to the configuration via the Edit button of your Cloud at any time.
Example of configuration:
Cloud/Branch subnet - Subnet of your Azure virtual network gateway
Shared Secret - Create a new strong password
Public IP - IP of your Azure virtual network gateway
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048 (PFS2048)
Step 2 - Creating a new local network gateway
Log in to Azure, go to Local network gateways (you can use the search bar), and click + Create.
Set the configuration as follows:
Endpoint - IP address
IP address - IP of your GoodAccess Gateway
Address spaces - Subnet of your GoodAccess Gateway
The remaining settings are up to you.
Click Review + create and then Create.
Step 3 - Creating a new connection
Go to Virtual network gateways (you can use the search bar), and select your virtual network gateway.
Go to Connections, click + Add, and set the configuration as follows:
Connection type - Site-to-site (IPsec)
The remaining settings are up to you.
Click Next : Settings >, and set the configuration as follows:
Virtual network gateway - Choose from the dropdown
Local network gateway - Choose from the dropdown
Shared key (PSK) - Shared Secret (Step 1)
IKE Protocol - IKEv2
IPsec / IKE policy - Custom
IKE Phase 1 & 2 - Must match the configuration from GoodAccess (Step 1)
IPsec SA lifetime in seconds - Tunnel Lifetime (Phase 2)
DPD timeout in seconds - Dead Peer Detection Delay
The remaining settings are up to you.
Click Review + create, and then Create.
You have now successfully connected your Azure resources to GoodAccess.
You may check the status of the connection in:
GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Azure - Virtual network gateway > Connections
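A pre-flight check for the "must match" requirement in Step 3, as an added example that is not GoodAccess or Microsoft code: it translates the Step 1 example values into the names used by Azure's custom IPsec / IKE policy and flags values the Azure side would not accept. The dictionary keys are hypothetical labels, and the Azure limits are taken from Microsoft's VPN gateway IPsec/IKE policy documentation.

```python
# Added example (not GoodAccess or Microsoft code). Dictionary keys are hypothetical labels.
# GoodAccess-style algorithm names (Step 1) -> Azure custom policy names (Step 3).
AZURE_NAMES = {
    "encryption": {"aes128": "AES128", "aes192": "AES192", "aes256": "AES256"},
    "integrity": {"sha1": "SHA1", "sha256": "SHA256"},
    "dh_group": {"modp1024": "DHGroup2", "modp2048": "DHGroup14"},
    "pfs_group": {"modp1024": "PFS2", "modp2048": "PFS2048"},
}
# Azure VPN gateway limits per Microsoft's IPsec/IKE policy documentation.
AZURE_IKE_SA_LIFETIME_S = 28800  # Phase 1 lifetime is fixed on the Azure side
AZURE_MIN_IPSEC_SA_LIFETIME_S = 300
AZURE_DPD_TIMEOUT_RANGE_S = (9, 3600)

FIELDS = [  # (GoodAccess key, Azure policy field, mapping table)
    ("encryption_p1", "ike_encryption", "encryption"),
    ("integrity_p1", "ike_integrity", "integrity"),
    ("dh_group_p1", "dh_group", "dh_group"),
    ("encryption_p2", "ipsec_encryption", "encryption"),
    ("integrity_p2", "ipsec_integrity", "integrity"),
    ("dh_group_p2", "pfs_group", "pfs_group"),
]

def to_azure_policy(ga):
    """Translate GoodAccess Step 1 values; return (policy, problems)."""
    policy, problems = {}, []
    for key, field, table in FIELDS:
        name = AZURE_NAMES[table].get(str(ga[key]).lower())
        if name is None:
            problems.append(f"{key}={ga[key]!r}: no Azure name in this table")
        else:
            policy[field] = name
    if ga["ike_lifetime_s"] != AZURE_IKE_SA_LIFETIME_S:
        problems.append(f"ike_lifetime_s={ga['ike_lifetime_s']}: Azure uses {AZURE_IKE_SA_LIFETIME_S}")
    if ga["tunnel_lifetime_s"] < AZURE_MIN_IPSEC_SA_LIFETIME_S:
        problems.append(f"tunnel_lifetime_s={ga['tunnel_lifetime_s']}: below Azure minimum")
    else:
        policy["ipsec_sa_lifetime_s"] = ga["tunnel_lifetime_s"]
    lo, hi = AZURE_DPD_TIMEOUT_RANGE_S
    if lo <= ga["dpd_delay_s"] <= hi:
        policy["dpd_timeout_s"] = ga["dpd_delay_s"]
    else:
        problems.append(f"dpd_delay_s={ga['dpd_delay_s']}: outside {lo}-{hi} seconds")
    return policy, problems

# Values from the example configuration in Step 1.
STEP1_EXAMPLE = {
    "ike_lifetime_s": 28800, "tunnel_lifetime_s": 3600, "dpd_delay_s": 30,
    "encryption_p1": "aes256", "integrity_p1": "sha256", "dh_group_p1": "modp2048",
    "encryption_p2": "aes256", "integrity_p2": "sha256", "dh_group_p2": "modp2048",
}
```

An empty problems list means every Step 1 value has a direct counterpart to select in the Custom policy form; any entry in it names the setting to change on the GoodAccess side before saving.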