If you feel Azure VPN gateway is costly, then you can go with any NVAs like Cisco which you can deploy in Azure and configure it to form a tunnel between Azure and On-Prem.
There you will not get any issues with the IKE policies.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Cisco have removed Diffie-Hellman Group 2 (see below) but Microsoft Azure VPN Basic Gateway utilizes Diffie-Hellman Group 2 by default for Site2Site VPN. As a result you need to setup a custom IPSEC/IKE policy which is not supported in the Basic VPN Gateway SKU which would require upgrading to at least the next SKU ( VpnGW1). The issue I have is the VPN is to connect to a single virtual machine in Azure, the basic VPN is approx. £20 per month while the next model is approx. £104 per month which is more expensive that the VM itself. Has anyone come across this and is there any workaround ? I can't see how I can recommend migrating a single VM into Azure with a Site2Site VPN with the cost.
Diffie-Hellman GROUP 5 is deprecated for IKEv1 and removed for IKEv2
Diffie-Hellman groups 2 and 24 have been removed.
Encryption algorithms: 3DES, AES-GMAC, AES-GMAC-192, AES-GMAC-256 have been removed.
Custom IPsec/IKE policy is supported on all Azure SKUs except the Basic SKU.*
If you feel Azure VPN gateway is costly, then you can go with any NVAs like Cisco which you can deploy in Azure and configure it to form a tunnel between Azure and On-Prem.
There you will not get any issues with the IKE policies.