Difference between revisions of "Azure"

From VyOS Wiki
Jump to: navigation, search
Line 2: Line 2:
  
  
vpn {
+
vpn {
 
     ipsec {
 
     ipsec {
 
         esp-group esp-azure {
 
         esp-group esp-azure {

Revision as of 00:02, 4 April 2017

Policy-based S2S with Azure


vpn {
    ipsec {
        esp-group esp-azure {
            compression disable
            mode tunnel
            pfs disable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group ike-azure {
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        logging {
            log-modes all
        }
        nat-traversal disable
        site-to-site {
            peer 5.8.9.1 {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret xQ4JvYcY8ftwVg4Wa2gB3E9t
                }
                connection-type respond
                default-esp-group esp-azure
                ike-group ike-azure
                local-address 5.9.5.5
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group esp-azure
                    local {
                        prefix 192.0.2.0/24
                    }
                    remote {
                        prefix 10.219.0.0/20
                    }
                }
            }
        }
    }
}