All geek questions in one place

Windows Azure VPN Tunnel Update

Does anyone know how to "reset" a VPN tunnel in a Windows Azure Virtual Network? The guys on the net are asking me to do this. They mean β€œupdate” the connection. Since I am not a VPN expert, I do not fully understand this request. They told me that it was frecuent when setting up VPN tunnels on hardware VPN concentrators (such as Cisco, Juniper, etc.).

+4
source share
2 answers

When using the Windows Azure virtual network, when you set up a VPN connection, the connection is available all the time, and if for some reason the connection was disconnected, the tunnel should usually recover automatically.

Also, as soon as you configure the VPN, the tunnel is restored within a few seconds. Also, once the connection status may not be updated immediately on the portal, since the portal is updated after about 5 minutes, however, a VPN can be installed under it. Users cannot update the VPN through the portal or use Powershell at this point.

0
source

By adding an Avkash response, Azure will periodically try to establish VPN tunnels with your local device, so you do not need to perform manual actions on your device.

To dive into internal components a bit, the Azure Gateway is trying to establish an IPsec tunnel. To create this tunnel, the Azure gateway and your VPN device must negotiate a number of security associations. They are called phases 1 (isakmp) and Phase 2 (ipsec) SA. These SAs contain mutually agreed parameters (security keys, lifetime, etc.) that both devices will use to encrypt packets between two endpoints.

When you say you want to β€œreset” your connection, I assume that you are looking for steps to clean and review these SAs. You can do this from your device by issuing the following commands after entering your device. This should notify the Azure side and trigger a second discussion.

Cisco ASA and ISR devices

clear crypto isakmp sa clear crypto ipsec sa

Juniper SSG / ISG devices

 clear ike all

Juniper SRX / J devices

 clear security ike security-associations
0
source

Source: https://habr.com/ru/post/1435967/

More articles:


All Articles