Today, more and more customers are using public cloud service providers such as Microsoft Azure to deploy their server or services, to get high performance, reliable services that are easy to deploy and get to market fastest.
But, these same customers still maintain local branch offices or datacenters. How do you securely connect local services with hosted cloud services? The solution is Hillstone Networks and this document outlines the steps to connect to Windows Azure.
Windows Azure has a relatively fixed setting on IKEv2. To set up an IPSEC tunnel between a Hillstone firewall and an Azure IPSEC service, simply do a match on the Hillstone device.
Below is a typical configuration in 4 easy steps, with the following details:
- Hillstone Firewall Public IP: 126.96.36.199
- Hillstone side internal subnet: 192.168.0.0/16
- Azure side Public IP: 188.8.131.52
- Azure side internal subnet: 10.1.0.0/16
Step1: Setup IKEv2 proposal
ikev2 proposal “prop1”
Step2: setup IPSEC proposal
ikev2 ipsec-proposal “prop2”
Step3: Setup IKEv2 peer
ikev2 peer “peer1”
local-id ip 184.108.40.206
remote id ip 220.127.116.11
remote key “key”
traffic-selector src subnet 192.168.0.0/16
traffic-selector dst subnet 10.1.0.0/16
Step4: Setup the IPSEC tunnel
tunnel ipsec “azure” ikev2
After you complete Steps 1-4, the IKEv2 IPSEC tunnel between Hillstone and Azure will be complete. Admins can bind this tunnel to the routing table (routing based model) or Policy rule ( Policy based model) of the firewall.
Download PDF version here