Azure networking

Anonymous
2020-07-24T20:19:39.29+00:00

My company has a need for an IPSEC customer VPN solution (site-to-site tunnels to customer networks for HL7 exchange of medical data).

We have found that the Azure VPN Gateway is mainly designed for connecting Azure to on-site office infrastructure and not so much as a Business-2-Business solution, as it:

- Lacks NAT capability on tunnels
- Cannot present single IPs or have ACLs on tunnels
- Does not provide in-depth real-time debugging for policy mismatch issues
- Has stricter requirements on remote endpoint settings (doesn't support DHGroup 5, minimal PFS support, known issues with DHGroup14)

I am wondering if there is a low-cost solution that Azure could recommend with these solutions. We have used pfSense and other similar solutions in other capacities; however, it appears Azure networking is limited to TCP, UDP, and ICMP support. We don't see any method of doing IPSEC to a virtual appliance via a NATted IP and without allowing the ESP and AH protocols (protocol 51 or 50), which have neither a TCP, UDP, nor ICMP based solution.


Accepted answer
  1. GitaraniSharma-MSFT 49,646 Reputation points Microsoft Employee
    2020-08-04T12:19:11.977+00:00

    Hello anonymous user,

    Azure provides IPSec solutions via VPN gateway/Virtual WAN only. And NAT is not supported in VPN gateway. You may however choose any Firewall/NVA solution with IPSec VPN capabilities from the available options in Azure Marketplace suitable to your needs. If you have any other queries, feel free to let us know.

    Thanks,
    Gita

