Upgrading The IPsec/ IKE Policy To The Azure Site-To-Site VPN Connection Using The Azure Portal

 

In our previous article we learned how to upgrade the IPsec/IKE policy to the Azure Site-to-Site VPN Connection using PowerShell. In this article, we are going to learn how to configure an IPsec/IKE policy for site-to-site (S2S) VPN connections using the Azure Portal.

 

 

Before upgrading the connection, please verify that the following steps are configured in the Azure portal.

If you are not configuring the VPN setup please follow this link to learn about Implementing Azure Site To Site VPN.

 

 

In the Azure Portal, go to the correct “Resource group” and then open the “VPN Connection”.

 

In this demo our Connection name is “Site2-to-Site1”

 

 

 

Make sure that the connection is up and running with any issue

 

 

 

Go to the “Configuration” under the Settings.

 

 

 

Configuration settings, select the IPsec / IKE policy to “Custom”, now we enter the IKE Phase 1 and IKE Phase 2 (IPsec) parameters.

 

 

Click here to learn more details about supported cryptographic algorithms and key strengths.

 

 

Now we are going to enter the parameters for the IKE Phase 1 and IKE Phase 2 (IPsec). in this demo we are going to enter the below parameters.

 

After entering the parameters click “Save”.

 

 

Policy-based Traffic Selectors are not supported in Azure Stack Hub.

 

 

Once the IPsec/IKE policy is upgraded to the connection, the Azure VPN gateway will only send or accept the IPsec/IKE proposal with specified cryptographic algorithms and key strengths on that particular connection. Make sure your on-premises VPN device for the connection uses or accepts the exact policy combination, otherwise the S2S VPN tunnel will not establish.

 

 

In this article, we have learned how to upgrade the VPN Connection parameters using the Azure Portal. In our previous article we learned to upgrade the VPN Connection parameters using the PowerShell commands. If you have any questions feel free to contact me.