My company has a need for an IPSEC customer VPN solution (site-to-site tunnels to customer networks for HL7 exchange of medical data).
We have found that the Azure VPN Gateway is mainly designed for connecting Azure to on-site office infrastructure and not so much as a Business-2-Business solution as it:
Lacks NAT capability on tunnels
Cannot present single IPs or have ACLs on tunnels
Does not provide in-depth real-time debugging for policy mismatch issues
Has stricter requirements on remote endpoint settings (doesn't support DHGroup 5, minimal PFS support, known issues with DHGroup14)
I am wondering if there is a low-cost solution that Azure could recommend for these requirements. We have used pfSense and other similar solutions in other capacities; however, it appears Azure networking is limited to TCP, UDP and ICMP support. We don't see any method of doing IPSEC to a virtual appliance via a NATted IP without allowing the ESP and AH protocols (protocols 50 and 51), which have no TCP/UDP/ICMP-based solution.
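As an added illustration (not part of the poster's message or any Azure documentation), the packet classifier below shows what a filter that understands only TCP, UDP and ICMP sees on the wire: native ESP (IP protocol 50) and AH (IP protocol 51) are the packets such a filter drops, while IKE and ESP carried inside UDP port 4500 under NAT-Traversal (RFC 3948) look like ordinary UDP datagrams. The sample packets are constructed inline and the function names are my own; IP checksums are left at zero because the classifier does not validate them.

```python
"""Classify IPv4 packets by how they carry IPsec.

Added example (not from the original post). Distinguishes native ESP/AH,
which an IP-protocol filter limited to TCP/UDP/ICMP cannot pass, from
IKE/ESP encapsulated in UDP 4500 (NAT-Traversal, RFC 3948), which it can.
"""
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 1, 6, 17, 50, 51
NAT_T_PORT = 4500                     # UDP port used for NAT-T (RFC 3948)
L4_ONLY_ALLOWED = {PROTO_ICMP, PROTO_TCP, PROTO_UDP}  # hypothetical TCP/UDP/ICMP-only filter


def parse_ipv4(pkt: bytes) -> tuple[int, bytes]:
    """Return (ip_protocol, l4_payload) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("truncated or malformed IPv4 header")
    return pkt[9], pkt[ihl:total_len]


def classify(pkt: bytes) -> str:
    """Label the IPsec-relevant nature of one packet."""
    proto, payload = parse_ipv4(pkt)
    if proto == PROTO_ESP:
        return "esp-native"
    if proto == PROTO_AH:
        return "ah-native"
    if proto == PROTO_UDP:
        if len(payload) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, _length, _csum = struct.unpack("!HHHH", payload[:8])
        data = payload[8:]
        if NAT_T_PORT in (sport, dport):
            if data == b"\xff":                        # RFC 3948 NAT-keepalive
                return "nat-t-keepalive"
            if len(data) >= 4 and data[:4] == b"\x00\x00\x00\x00":
                return "ike-over-udp4500"             # non-ESP marker precedes IKE
            if len(data) >= 8:                         # non-zero SPI + sequence number
                return "esp-udp-encapsulated"
            return "udp4500-malformed"
        return "udp-other"
    if proto == PROTO_TCP:
        return "tcp"
    if proto == PROTO_ICMP:
        return "icmp"
    return f"ip-proto-{proto}"


def passes_l4_only_filter(pkt: bytes) -> bool:
    """True if a filter that only permits TCP/UDP/ICMP would forward this packet."""
    proto, _ = parse_ipv4(pkt)
    return proto in L4_ONLY_ALLOWED


# --- constructed sample packets (not captured traffic) -----------------------
def build_ipv4(proto: int, payload: bytes,
               src: bytes = b"\x0a\x00\x00\x01", dst: bytes = b"\x0a\x00\x00\x02") -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst)
    return header + payload


def build_udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


ESP_BODY = struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16         # SPI, seq, opaque data
AH_BODY = struct.pack("!BBHII", PROTO_TCP, 4, 0, 0x2000ABCD, 1) + b"\x00" * 12
IKE_HDR = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, 33, 0x20, 34, 0x08, 0, 28)

SAMPLES = {
    "esp_native": build_ipv4(PROTO_ESP, ESP_BODY),
    "ah_native": build_ipv4(PROTO_AH, AH_BODY),
    "ike_nat_t": build_ipv4(PROTO_UDP, build_udp(4500, 4500, b"\x00\x00\x00\x00" + IKE_HDR)),
    "esp_nat_t": build_ipv4(PROTO_UDP, build_udp(4500, 4500, ESP_BODY)),
    "keepalive": build_ipv4(PROTO_UDP, build_udp(4500, 4500, b"\xff")),
    "plain_dns": build_ipv4(PROTO_UDP, build_udp(53000, 53, b"\x12\x34" + b"\x00" * 10)),
}


def survey(samples: dict[str, bytes]) -> dict[str, tuple[str, bool]]:
    """Map sample name -> (classification, forwarded by TCP/UDP/ICMP-only filter)."""
    return {name: (classify(p), passes_l4_only_filter(p)) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (label, forwarded) in survey(SAMPLES).items():
        print(f"{name:12s} {label:22s} forwarded={forwarded}")
```

Run as a script to see the table: the two native packets are the only ones the protocol-restricted filter refuses, which is the gap the post describes; everything on UDP 4500 is forwarded as plain UDP.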