Select Page

Today, more and more customers are using public cloud service providers such as Microsoft Azure to deploy their server or services, to get high performance, reliable services that are easy to deploy and get to market fastest.

But, these same customers still maintain local branch offices or datacenters. How do you securely connect local services with hosted cloud services? The solution is Hillstone Networks and this document outlines the steps to connect to Windows Azure.

Windows Azure has a relatively fixed setting on IKEv2. To set up an IPSEC tunnel between a Hillstone firewall and an Azure IPSEC service, simply do a match on the Hillstone device.

Below is a typical configuration in 4 easy steps, with the following details:

  • Hillstone Firewall Public IP:
  • Hillstone side internal subnet:
  • Azure side Public IP:
  • Azure side internal subnet:

Step1: Setup IKEv2 proposal

ikev2 proposal “prop1”

hash sha

encryption 3des

group 2

lifetime 10800


Step2: setup IPSEC proposal

ikev2 ipsec-proposal “prop2”

hash sha

encryption aes

lifetime 3600


Step3: Setup IKEv2 peer

ikev2 peer “peer1”

interface ethernet0/1

match-peer “”

ikev2-proposal “prop1”

local-id ip

ikev2-profile “esp-peer1”

remote id ip

remote key “key”

traffic-selector src subnet

traffic-selector dst subnet


ikev2-profile “esp-peer1”



Step4: Setup the IPSEC tunnel

tunnel ipsec “azure” ikev2

ikev2-peer “peer1”

ipsec-proposal “prop2”



After you complete Steps 1-4, the IKEv2 IPSEC tunnel between Hillstone and Azure will be complete. Admins can bind this tunnel to the routing table (routing based model) or Policy rule ( Policy based model) of the firewall.

Download PDF version here

Hillstone NGFWs Recognized for 8th Straight Year in Gartner® Magic Quadrant™, Named as a “Visionary”

Hillstone Networks Wins 2021 CybersecAsia Readers’ Choice Award

ZTNA: A Better Way to Control Access, Boost Security

Hillstone sBDS V3.4 Extends Supplementary Detection Capabilities

Kudos to the Hillstone Security Research Team for Being Acknowledge by Microsoft for Vulnerability Discovery

Hillstone Releases iSource, an Extended Detection and Response Platform

Hillstone’s A200W streamlines deployment of cost-effective perimeter solution

Endpoint Detection and Response: Getting from Good to Great

ADC V2.9 delivers traffic and balances links at an unprecedented level