Azure VPN for D-Link DSR-N1000

 

I got my new router last Friday, and as soon as I got the time I set up my VPN to Azure again, so that my Azure Site Recovery service would work again.

Here is my guide to the setup; this is how I got it to work.

How to set up a VPN from a D-Link DSR-N1000 (DSR-N250 or DSR-N500)

Note: It is important that you also take a look at ‘About VPN Devices for Virtual Network Connectivity’ – https://msdn.microsoft.com/en-us/library/azure/jj156075.aspx

The first thing you have to do is create a network in Azure

Create a virtual Network in the Microsoft Azure cloud. Choose subnets which are not present in your local networks to avoid IP address conflicts.

  1. Log in to your Microsoft Azure Management Portal (https://manage.windowsazure.com)
  2. In the left pane click NETWORKS.
  3. In the bottom left corner click + NEW.
  4. Click CUSTOM CREATE. The Create a Virtual Network window opens.
  5. Enter the Name for the network.
  6. Select a Location. E.g., West Europe
  7. Click NEXT
  8. (optional) Enter or select a DNS server.
  9. In the right panel enable Configure site-to-site VPN.
  10. Select Specify a New Local Network from the LOCAL NETWORK drop-down.
  11. Click Next
  12. Enter a NAME for your local on-premises network.
  13. Enter the VPN DEVICE IP ADDRESS. This is the external IP address of the Barracuda Firewall running the VPN service.
  14. In the ADDRESS SPACE section enter the on-premises network(s). E.g., 10.10.200.0/24
  15. Click Next
  16. In the Virtual Network Address Spaces section click add subnet:
    • Subnet – Enter a name for the subnet.
    • Starting IP – Enter the first IP of the IP range for the subnet. E.g., 10.10.201.0
    • CIDR (ADDRESS COUNT) – Select the subnet mask from the list. E.g., /24 for 256 IP addresses
  17. Click add gateway subnet:
    • Starting IP – Enter the first IP for the gateway subnet. E.g., 10.10.201.0
    • CIDR (ADDRESS COUNT) – Select the subnet mask from the list. E.g., /29 for 8 IP addresses
  18. Click OK

The Azure Virtual Network you have just created is now listed in the NETWORK menu in the Azure management interface.

The second thing you have to do is create a VPN gateway in Azure

Create the Azure VPN Gateway.

  1. Log in to your Microsoft Azure Management Portal (https://manage.windowsazure.com).
  2. In the left pane click NETWORKS.
  3. Click on the Network previously created in Step 1.
  4. In the top menu click on DASHBOARD.
  5. In the bottom pane, click CREATE GATEWAY.
  6. Select Static Routing from the list. Creating the gateway will take a couple of minutes.

When the color of the gateway turns blue, the gateway has been successfully created. The Gateway IP is now displayed below the VPN Gateway image.

 

Now you can configure IPsec Site-to-Site VPN for the D-Link box

Create an active IPsec VPN connection to the DSR-N1000 box

  1. Go to VPN >> IPSec VPN >> Policies
  2. Press ‘Add New IPSec Policy’
  3. Here you have to add all the information:
    1. Policy Name, it is up to you
    2. Policy Type = Auto Policy
    3. IP Protocol Version = IPv4
    4. IKE Version = IKEv1
    5. L2TP mode = None
    6. IPSec Mode = Tunnel Mode
    7. Select Local Gateway = Dedicated WAN
    8. Remote Endpoint = IP Address
    9. IP Address / FQDN = 137.117.203.108 (the gateway IP address for Azure)
    10. Enable Mode Config = OFF
    11. Enable NetBios = OFF
    12. Enable RollOver = OFF
    13. Protocol = ESP
    14. Enable DHCP = OFF
    15. Local IP = Subnet
    16. Local Start IP Address = 10.10.200.0
    17. Local Subnet Mask = 255.255.255.0
    18. Remote IP = Subnet
    19. Remote Start IP Address = 10.10.201.0
    20. Remote Subnet Mask = 255.255.255.0
    21. Enable Keepalive = OFF
    22. Phase1 (IKE SA Parameter)
      1. Exchange mode = Main
      2. Direction / Type = Both
      3. Nat Traversal = ON
      4. NAT Keep Alive Frequency = 20
      5. Local Identifier Type = Local WAN IP
      6. Remote Identifier Type = Remote WAN IP
      7. Encryption Algorithm
        1. AES-128 = ON
      8. Authentication Algorithm
        1. SHA-1 = ON
      9. Authentication Method = Pre-Shared Key
      10. Pre-Shared Key = you get this from the management portal
      11. Diffie-Hellman (DH) Group = Group 2 (1024 bit)
      12. SA-Lifetime = 28800
      13. Enable Dead Peer Detection = OFF
      14. Extended Authentication = None
    23. Phase2-(Auto Policy Parameters)
      1. SA Lifetime = 3600 Seconds
      2. Encryption Algorithm
        1. AES-128 = ON
      3. Integrity Algorithm
        1. SHA-1 = ON
  4. Now press ‘Save’
  5. Now go back to the Azure management portal and check the connection
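
The address plan used in the steps above can be checked before it is typed into either side. The following Python sketch is an added example, not part of the original guide: it tests the ranges for overlap, confirms that the D-Link local/remote selectors mirror what Azure has, and converts CIDR into the start IP and mask the router asks for. The function names and the `PLAN`/`DLINK` dictionaries are assumptions made for illustration.

```python
import ipaddress

# Address plan copied from the guide's example values.
PLAN = {
    "on_prem": "10.10.200.0/24",         # Azure "local network" address space
    "azure_subnet": "10.10.201.0/24",    # subnet in the virtual network
    "gateway_subnet": "10.10.201.0/29",  # Azure gateway subnet
}
# Traffic selectors entered in the D-Link IPsec policy (start IP, mask).
DLINK = {"local": ("10.10.200.0", "255.255.255.0"),
         "remote": ("10.10.201.0", "255.255.255.0")}


def find_overlaps(plan):
    """Return sorted pairs of plan entries whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def selector_mismatches(plan, dlink):
    """Compare D-Link local/remote selectors with the Azure-side definitions."""
    expected = {"local": plan["on_prem"], "remote": plan["azure_subnet"]}
    problems = []
    for side, (start, mask) in dlink.items():
        got = ipaddress.ip_network(f"{start}/{mask}", strict=True)
        want = ipaddress.ip_network(expected[side])
        if got != want:
            problems.append(f"{side}: router has {got}, Azure has {want}")
    return problems


def to_dlink_fields(cidr):
    """Convert CIDR notation to the (start IP, subnet mask) pair the router UI asks for."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.netmask)


if __name__ == "__main__":
    for a, b in find_overlaps(PLAN):
        print(f"OVERLAP: {a} {PLAN[a]} <-> {b} {PLAN[b]}")
    for p in selector_mismatches(PLAN, DLINK):
        print("MISMATCH:", p)
    print("router fields for on_prem:", to_dlink_fields(PLAN["on_prem"]))
```

On the guide's example values the script reports that the gateway subnet 10.10.201.0/29 lies inside the 10.10.201.0/24 subnet. Subnets in a virtual network cannot overlap, so the gateway subnet needs a range of its own within the virtual network's address space.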
