Microsoft Azure

This guide will show you how to connect your Microsoft Azure cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Prerequisites

You need a virtual network gateway in Azure. If you don't have one, follow this tutorial by Microsoft.

Step 1 - Creating a new cloud connection

Click + Add new, enter a Name (e.g., Azure Production), select the required Gateway, and define the Subnets of your Azure Virtual Network (using CIDR notation).

Choose IPSec Protocol, and click Continue.

Fill out the configuration form (Public IP, Pre-Shared Key, etc.). These parameters must match the configuration you will set in your Azure environment in the next steps.

Click Submit to finish, or Continue to define optional Branch Segments for finer access control.

You may return to the configuration via the Edit button of your Cloud at any time.

Example of configuration:

Shared Secret - Create a new strong password
Public IP - IP of your Azure virtual network gateway
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048 (PFS2048)

Step 2 - Creating a new local network gateway

Set the configuration as follows:

Endpoint - IP address
IP address - IP of your GoodAccess Gateway
Address spaces - Subnet of your GoodAccess Gateway

The remaining settings are up to you.

Click Review + create and then Create.

Azure Portal with key steps to creating a new local network gateway.

Azure Portal with key steps to configuring a new local network gateway.

Step 3 - Creating a new connection

Go to Virtual network gateways (you can use the searchbar), and select your virtual network gateway.

Go to Connections, click + Add, and set the configuration as follows:

Connection type - Site-to-site (IPsec)

The remaining settings are up to you.

Click Next : Settings >, and set the configuration as follows:

Virtual network gateway - Choose from the dropdown
Local network gateway - Choose from the dropdown
Shared key (PSK) - Shared Secret (Step 1)
IKE Protocol - IKEv2
IPsec / IKE policy - Custom
IKE Phase 1 & 2 - Must match configuration from GoodAccess (Step 1)
IPsec SA lifetime in seconds - Tunnel Lifetime (Phase 2)
DPD timeout in seconds - Dead Peer Detection Delay

The remaining settings are up to you.

Click Review + create, and then Create.

Azure Portal with key steps to creating a new connection.

Azure Portal with key steps to creating a new site-to-site connection.

Azure Portal with key steps to configuring a new site-to-site connection.

You have now successfully connected your Azure resources to GoodAccess.

Firewall rules

Make sure you allow connections from your GoodAccess Gateway private subnet to the resources in your Virtual Network (VNet) (e.g., virtual machines, databases, etc.).

Depending on your Azure security setup, you may need to allow this communication in:

Network Security Groups (NSGs)
Azure Firewall

You may check the status of the connection in:

GoodAccess: Go to Control Panel > Network > Clouds & Branches to view the tunnel status. Use the Test Connection button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).
Azure: Go to Virtual network gateway > Connections.

PreviousGoogle Cloud NextOther Public Cloud providers

Last updated 21 days ago

Was this helpful?

hashtagPrerequisites

hashtagStep 1 - Creating a new cloud connection

hashtagStep 2 - Creating a new local network gateway

hashtagStep 3 - Creating a new connection

Prerequisites

Step 1 - Creating a new cloud connection

Step 2 - Creating a new local network gateway

Step 3 - Creating a new connection