Thursday, April 11, 2019

Sonicwall to Azure VPN connected no traffic

Hi all,

Fairly new to the scene and am in the process of setting up an Azure to SonicWall VPN. The SonicWall is a SOHO running SonicOS Enhanced 5.9.1.7-2o.

I can see the VPN as connected in AZ and on the SonicWall; however, no traffic is coming through.

I set up the address object for the VPN; it points to the subnet of the AZ gateway, 192.167.1.0.

The VPN is set as site-to-site (IKE pre-shared secret), with the primary gateway as the public IP of the AZ gateway.

Proposals are:

Phase 1 - IKEv2 - Group 2 - AES-256 - SHA1 - 3600

Phase 2 - ESP - AES-256 - SHA1 - 3600

Keep-alive is checked.

The Networking tab of the VPN policy is set to "any address" for the local network, and the destination is the Azure address object.

I have routes in place from Azure to any local and from any local to Azure.

The logs:

09:23:54 Apr 12  712   Network  Debug   TCP connection reject received; TCP connection dropped  ACK RST

09:23:53 Apr 12  1327  VPN      Inform  IKEv2 Send Dead Peer Detection Response  Evo-AZV...

09:23:53 Apr 12  171   VPN      Debug   SENDING>>>> ISAKMP OAK IKEV2_INFORMATIONAL (InitCookie:0x43a4286b88e45b06 RespCookie:0xef8518ea0109f6f0, MsgID: 0x185)

09:23:53 Apr 12  1324  VPN      Inform  IKEv2 Received Dead Peer Detection Request

09:23:53 Apr 12  171   VPN      Debug   RECEIVED<<< ISAKMP OAK IKEV2_INFORMATIONAL (InitCookie:0x43a4286b88e45b06

These repeat, with the exception of the TCP connection error.

The firewall rules were all auto-built with the creation of the VPN.

Azure has the local network gateway set as the public IP of the SonicWall.

The virtual network gateway is the public IP assigned in AZ.

Address space: 192.167.0.0/16

I have 396b of traffic in and none out. I cannot ping anything in AZ, public or otherwise. I have not updated any of the NSG rules for the one VM that is up yet, as I am not sure what to allow; I thought a VPN negated the need for those rules, as they applied to the public IP.

Please let me know if anything else is needed.

Cheers

Edit - added more info
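A consistency check for the selector/prefix configuration described in the post, as an added example that is not part of the original post and not SonicWall or Azure tooling. An IKEv2 SA that stays up while only Dead Peer Detection INFORMATIONAL exchanges appear in the log is consistent with the tunnel being negotiated but the traffic selectors and routes on the two sides not agreeing, so the script compares the four prefix sets a practitioner would line up by hand: the SonicWall policy's local and remote networks, the Azure VNet address space, and the Azure local network gateway (LNG) address prefixes. It also flags any prefix outside RFC 1918 private space; 192.167.0.0/16 is outside those ranges (the private block is 192.168.0.0/16). The SonicWall LAN prefix (10.10.0.0/24), the LNG prefixes, and the reading of the address object 192.167.1.0 as a /24 are assumptions, since the post does not state them.

```python
"""Cross-check the prefixes on both ends of a SonicWall <-> Azure site-to-site VPN.

Added example; not code from the original post, SonicWall or Azure. The inputs
in main() are constructed from the post, with the gaps filled by labelled assumptions.
"""
import ipaddress

# RFC 1918 private ranges; anything else here is publicly routable address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def net(prefix):
    """Parse a CIDR string; strict=False tolerates host bits set in the address part."""
    return ipaddress.ip_network(prefix, strict=False)


def check_policy(sw_local, sw_remote, az_vnet, az_lng):
    """Return a list of (severity, message) findings; an empty list means the sides agree.

    sw_local  - SonicWall policy local network(s); "0.0.0.0/0" models the "any address" setting
    sw_remote - SonicWall policy destination network(s) (the Azure address object)
    az_vnet   - Azure virtual network address space
    az_lng    - Azure local network gateway address prefixes (the on-premises side as Azure sees it)
    """
    findings = []
    local, remote = [net(p) for p in sw_local], [net(p) for p in sw_remote]
    vnet, lng = [net(p) for p in az_vnet], [net(p) for p in az_lng]

    # 1. Every specific prefix should be private space; "any" (prefixlen 0) is handled below.
    for label, group in (("SonicWall local", local), ("SonicWall remote", remote),
                         ("Azure VNet", vnet), ("Azure LNG", lng)):
        for n in group:
            if n.prefixlen and not any(n.subnet_of(r) for r in RFC1918):
                findings.append(("error", f"{label} {n} is not RFC 1918 private space"))

    # 2. The SonicWall destination must lie inside the VNet; a narrower selector only
    #    matches part of the VNet, so hosts outside it never enter the tunnel.
    for r in remote:
        covering = [v for v in vnet if r.subnet_of(v)]
        if not covering:
            findings.append(("error", f"SonicWall remote {r} is not inside Azure VNet {az_vnet}"))
        elif covering[0] != r:
            findings.append(("warn", f"SonicWall remote {r} is narrower than VNet {covering[0]}; "
                                     f"VNet hosts outside {r} will not match the policy"))

    # 3. The SonicWall local side must be covered by what Azure knows as on-premises,
    #    otherwise Azure has no route for the return traffic.
    if any(n.prefixlen == 0 for n in local):
        findings.append(("warn", "SonicWall local network is 'any'; Azure only returns traffic "
                                 f"to LNG prefixes {az_lng}, so name the real LAN prefix instead"))
    else:
        for l in local:
            if not any(l.subnet_of(p) for p in lng):
                findings.append(("error", f"SonicWall local {l} is not covered by Azure LNG prefixes {az_lng}"))

    # 4. Overlapping local and VNet space breaks routing on both ends.
    for l in local:
        for v in vnet:
            if l.prefixlen and l.overlaps(v):
                findings.append(("error", f"SonicWall local {l} overlaps Azure VNet {v}"))
    return findings


def main():
    # Constructed from the post; LAN prefix and LNG prefixes are assumptions.
    as_posted = check_policy(sw_local=["0.0.0.0/0"],            # "any address"
                             sw_remote=["192.167.1.0/24"],      # address object, assumed /24
                             az_vnet=["192.167.0.0/16"],
                             az_lng=["10.10.0.0/24"])           # assumed
    # The same topology with private space and matching selectors on both sides.
    corrected = check_policy(["10.10.0.0/24"], ["192.168.0.0/16"], ["192.168.0.0/16"], ["10.10.0.0/24"])
    for name, result in (("as posted", as_posted), ("corrected", corrected)):
        print(f"== {name}: {len(result)} finding(s)")
        for severity, msg in result:
            print(f"  [{severity}] {msg}")


if __name__ == "__main__":
    main()
```

The check is deliberately conservative: it reports mismatches between what each side believes the other's networks are, which is where a tunnel that negotiates but carries nothing is usually lost, and it does not claim to reproduce the IKEv2 selector negotiation itself. Once the prefixes agree, the remaining places to look are the Azure route table and the NSG on the VM, which filters private traffic arriving through the gateway just as it filters traffic to the public IP.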


