S2S VPN between Azure and Cisco ASA 8.2

  • Question

  • I'm trying to create an IPSec site-to-site VPN between Azure and a Cisco ASA running 8.2.  I have to use 3des sha1 dh2 for encryption. The Cisco is at a shared data center. So I don't have the option to upgrade the device or its firmware.
    I've created route-based and policy-based gateways in Azure. Neither type is able to connect. I've also used the sample script to configure the connection on the Cisco.
    I'd appreciate help with making the connection work.


    Friday, February 1, 2019 9:36 PM

All replies

  • Hi Maurice, 

    Thank you for posting here. 

    Here is the list of Validated VPN devices along with the minimum Firmware requirement: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#devicetable

    Cisco ASA requires a minimum firmware version of 8.3. Microsoft worked with the respective vendor and validated the devices with this version. For Cisco ASA 8.2, there are a few issues which we found, and it is not stable with Azure VPN gateway, and hence it is not recommended.

    If you still want to use it, go for a policy-based gateway in Azure and try connecting. Here are the parameters that you need to configure on your ASA: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec


    Saturday, February 2, 2019 4:47 PM
  • Hi, 

    Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same.

    Regards, 

    Msrini

    Saturday, February 23, 2019 6:26 AM
  • Hi, 

    Any update on this issue? If the proposed answer helped please remember to mark it as the answer so others who encounter a similar issue can easily find the solution. 

    Regards, 

    Msrini

    Monday, March 18, 2019 9:31 AM
  • Msrini,

    Thanks for the suggestion. Unfortunately, I was never able to get the site-to-site VPN connected using a policy-based gateway. Since the s2s connection was for an Azure workstation, I configured a regular IPSec VPN connection in Windows. So the Azure workstation connects to the on-prem AD server as if it were a remote laptop.

    I'll retry the s2s connection once our Cisco ASA is upgraded or replaced.

    m-

    • Marked as answer by Maurice Byrd Friday, March 22, 2019 5:07 PM
    Monday, March 18, 2019 3:16 PM
  • Hi, 

    Do you have any update for me?

    Regards, 

    Msrini

    Friday, March 22, 2019 3:30 PM