Skip to main content

Azure to Ubiquiti IPSec

 

Connecting Azure to on-premises.

After you've created your Azure Virtual Network Gateway log in to your router.

set vpn ipsec auto-firewall-nat-exclude enable

set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 pfs disable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes256
set vpn ipsec esp-group FOO0 proposal 1 hash sha1

set vpn ipsec ike-group FOO0 key-exchange ikev2
set vpn ipsec ike-group FOO0 lifetime 3600

! REPLACE "1" IF YOU ALREADY HAVE A PROPOSAL USING THIS IDENTIFIER
set vpn ipsec ike-group FOO0 proposal 1 dh-group 2
set vpn ipsec ike-group FOO0 proposal 1 encryption aes256
set vpn ipsec ike-group FOO0 proposal 1 hash sha1

set vpn ipsec site-to-site peer 22.24.48.131 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 22.24.48.131 authentication pre-shared-secret SXYHVuH5p4vySL3eeKHEut64m
set vpn ipsec site-to-site peer 22.24.48.131 connection-type respond
set vpn ipsec site-to-site peer 22.24.48.131 description IPsecAzure
set vpn ipsec site-to-site peer 22.24.48.131 ike-group FOO0
set vpn ipsec site-to-site peer 22.24.48.131 local-address 17.15.138.22

!REPLACE "vti0" BY ANOTHER VTI INTERFACE ID IF THIS ONE IS ALREADY USED BY YOUR UBIQUITI DEVICE
set vpn ipsec site-to-site peer 22.24.48.131 vti bind vti0
set vpn ipsec site-to-site peer 22.24.48.131 vti esp-group FOO0
set interfaces vti vti0
set protocols static interface-route 192.168.0.0/22 next-hop-interface vti0

set firewall options mss-clamp interface-type vti
set firewall options mss-clamp mss 1350
set system offload ipsec enable
No Comments
Back to top