What settings should be used to create an IPsec site-to-site VPN connection between Smoothwall and Microsoft Azure?
With no traffic through the tunnel, Azure will close the tunnel after five minutes. Azure will bring the tunnel up again as soon as traffic triggers the connection, but this can cause a few alerts to be sent out from the Smoothwall about tunnels disconnecting.
Procedure
- Create a new tunnel with these settings (see our help topic, Creating an IPsec Tunnel):
  - Name: Here to Azure
  - Enabled: Yes
  - Local IP: External connection IP
  - Local network: local.subnet.address/24
  - Local ID type: IP Address
  - Local ID value: external.connection.ip.address
  - Remote IP or hostname (blank for ANY): azure.external.ip.address
  - Remote network: azure.network.address.space
  - Remote ID type: User specified IP address
  - Remote ID value: azure.external.ip.address
  - Authenticate by: Preshared key
  - Preshared key: ********
  - Use compression: No
  - Initiate the connection: Yes
  - Advanced>>
    - Local certificate: Default
    - Perfect forward secrecy: No
    - Authentication type: ESP
    - Key Life (mins): 30
    - Key Tries (0 means never give up): 0
    - IKE lifetime (mins): 240
    - Do not rekey: Not enabled
    - IKEV2: Not enabled
    - MTU: Not set
    - Local internal IP: lan.ip.of.smoothwall
    - Phase 1
      - Cryptographic algorithm: AES 256
      - Hash algorithm: SHA
      - Diffie-Hellman Group: dh2 (1024)
    - Phase 2
      - Cryptographic algorithm: AES 256
      - Hash algorithm: SHA
      - Diffie-Hellman Group: dh2 (1024)
Azure
These settings will work fine for a policy-based site-to-site (IPsec) VPN. The Smoothwall GUI does not support route-based IPsec connections, so if a route-based VPN is needed, please contact our support to discuss options.
SKU: Basic
Gateway type: VPN
VPN type: Policy-based
Preshared key: ********
Other objects, such as local network gateways, need to be created as well, so follow the Azure setup guides for those.
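
Because the Smoothwall tunnel and the Azure objects each have to describe the other side's endpoint, networks and preshared key identically, a pre-flight comparison catches typos before the tunnel is enabled. The following is an added example, not Smoothwall or Azure code; the dictionary keys are hypothetical names for the fields above, and the sample addresses and key are constructed.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the page.
SAMPLE_SMOOTHWALL = {
    "local_ip": "203.0.113.10", "local_id": "203.0.113.10",
    "local_network": "192.168.10.0/24",
    "remote_ip": "198.51.100.20", "remote_id": "198.51.100.20",
    "remote_network": "10.1.0.0/16", "psk": "constructed-example-key",
}
SAMPLE_AZURE = {
    "gateway_public_ip": "198.51.100.20", "vnet_address_space": "10.1.0.0/16",
    "local_gateway_ip": "203.0.113.10", "local_gateway_prefix": "192.168.10.0/24",
    "psk": "constructed-example-key",
}

def check_tunnel(sw, az):
    """Compare Smoothwall tunnel form values with the Azure objects.

    Returns a list of problems; an empty list means the two sides agree.
    """
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    problems = []
    local_net, remote_net = net(sw["local_network"]), net(sw["remote_network"])

    if local_net.overlaps(remote_net):
        problems.append("local and remote networks overlap")
    # The procedure uses each peer's external IP as its ID value.
    if ip(sw["local_id"]) != ip(sw["local_ip"]):
        problems.append("Local ID value is not the local external IP")
    if ip(sw["remote_id"]) != ip(sw["remote_ip"]):
        problems.append("Remote ID value is not the Azure external IP")
    # Each side must describe the other's endpoint and networks identically.
    if ip(az["gateway_public_ip"]) != ip(sw["remote_ip"]):
        problems.append("Remote IP is not the Azure gateway public IP")
    if ip(az["local_gateway_ip"]) != ip(sw["local_ip"]):
        problems.append("Azure local network gateway IP is not the Smoothwall external IP")
    if net(az["vnet_address_space"]) != remote_net:
        problems.append("Remote network does not match the Azure address space")
    if net(az["local_gateway_prefix"]) != local_net:
        problems.append("Azure local network gateway prefix does not match the local network")
    if sw["psk"] != az["psk"]:
        problems.append("preshared keys differ")
    return problems

if __name__ == "__main__":
    for problem in check_tunnel(SAMPLE_SMOOTHWALL, SAMPLE_AZURE) or ["no mismatches"]:
        print(problem)
```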