Cannot establish IPSec Tunnel between remote site and NSv
Hello,
I am using a Cradlepoint cellular router and I am trying to establish an IPSec VPN tunnel between it and my virtual SonicWall instance inside of Azure.
I created the VM using the useful marketplace tool and got it spun up very quickly.
I've configured IPSec tunnels between Cradlepoint routers and SonicWalls before, so I'm comfortable with the process, except this appears to be different.
I have my NSG rules in place to allow traffic on ports 500 and 4500 through - I can see traffic hit the NSv via pcap but the tunnel fails to establish on Phase 2.
I do not have an Azure virtual gateway, is this required?
Please assist where possible, I can share anything you require.
Answers
Just to be clear, this is for the NSv 270.
@Jakezxz1
Allow traffic on ports 50, 500 and 4500.
Follow the below KB for NSv (Azure) site to site VPN.
Thanks friend - to be clear however, in case this article is not relevant - I have my NSv (SonicWall VIRTUAL firewall) hosted INSIDE Azure and I want to connect to it FROM the outside world.
I really don't want to set up a virtual gateway to do this, since surely the entire point of the SonicWall is to be the headend itself, no?
NSv inside Azure VNet: enable IKE NAT traversal on both sides (IPSec VPN advanced) - use IKEv2 if possible.
The initial IKE message, IKE_SA_INIT to port 500, will include the Notify payloads (payload type 41):
NAT_DETECTION_SOURCE_IP
NAT_DETECTION_DESTINATION_IP
It will then negotiate the NAT traversal.
In Azure you are behind a NAT device - the AZ gateway - so 4500 will be used from this point forward.
Define the Local and Remote IKE Identifier on either side; don't use the default (it will assume the X1 WAN IP address within the VNet).
That's it, no magic.
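To show why the NSv ends up on UDP 4500 behind the Azure NAT, here is an added example (not from this thread, nor SonicWall or Cradlepoint code) of the RFC 7296 NAT detection check that a responder performs on the two Notify payloads named above. All addresses, SPIs and the function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# IKEv2 Notify (payload type 41) message types, RFC 7296 section 3.10.1
NAT_DETECTION_SOURCE_IP = 16388
NAT_DETECTION_DESTINATION_IP = 16389


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1(SPIi | SPIr | IP address | UDP port), RFC 7296 section 2.23."""
    data = spi_i + spi_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def responder_nat_check(spi_i, spi_r, notifies, observed_src, own_addr):
    """What the responder does with the two notifies received in IKE_SA_INIT.

    notifies: {notify_type: hash} carried in the peer's message.
    observed_src / own_addr: (ip, port) the responder actually sees on the packet.
    A mismatch means some device rewrote that address, i.e. a NAT is in the path.
    """
    peer_behind_nat = nat_detection_hash(spi_i, spi_r, *observed_src) != notifies[NAT_DETECTION_SOURCE_IP]
    self_behind_nat = nat_detection_hash(spi_i, spi_r, *own_addr) != notifies[NAT_DETECTION_DESTINATION_IP]
    return {
        "peer_behind_nat": peer_behind_nat,
        "self_behind_nat": self_behind_nat,
        # If either side is behind a NAT, both peers move to UDP 4500 (UDP encapsulation)
        "switch_to_4500": peer_behind_nat or self_behind_nat,
    }


def azure_nsv_scenario():
    """Constructed scenario: the Cradlepoint dials the NSv's Azure public IP, but the NSv
    only owns its private X1 address inside the VNet, so the destination hash differs."""
    spi_i = bytes.fromhex("0102030405060708")   # constructed initiator SPI
    spi_r = bytes(8)                            # responder SPI is zero in the first IKE_SA_INIT
    cradlepoint = ("198.51.100.7", 500)         # constructed remote-site public IP
    nsv_public = ("203.0.113.10", 500)          # constructed Azure public IP the site dials
    nsv_x1 = ("10.0.1.4", 500)                  # constructed X1 address inside the VNet
    notifies = {
        NAT_DETECTION_SOURCE_IP: nat_detection_hash(spi_i, spi_r, *cradlepoint),
        NAT_DETECTION_DESTINATION_IP: nat_detection_hash(spi_i, spi_r, *nsv_public),
    }
    return responder_nat_check(spi_i, spi_r, notifies, observed_src=cradlepoint, own_addr=nsv_x1)


if __name__ == "__main__":
    print(azure_nsv_scenario())
```

The same mismatch is why a default IKE identifier taken from the X1 address fails: the remote peer never sees 10.0.1.4 on the wire, only the Azure public IP.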