Requirements: IPSEC Site-to-Site VPN

Recommended VPNs for connecting to ADX services is by using IPSec site-to-site VPNs. DDTech has tested the following combination and found this to work:

set vpn ipsec esp-group esp-azure pfs disable
set vpn ipsec esp-group esp-azure lifetime 3600
set vpn ipsec esp-group esp-azure mode tunnel
set vpn ipsec esp-group esp-azure proposal 1
set vpn ipsec esp-group esp-azure proposal 1 encryption aes128
set vpn ipsec esp-group esp-azure proposal 1 hash sha1
set vpn ipsec esp-group esp-azure compression disable
set vpn ipsec ike-group ike-azure key-exchange ikev2
set vpn ipsec ike-group ike-azure ikev2-reauth no
set vpn ipsec ike-group ike-azure lifetime 10800
set vpn ipsec ike-group ike-azure proposal 1
set vpn ipsec ike-group ike-azure proposal 1 dh-group 2
set vpn ipsec ike-group ike-azure proposal 1 encryption aes256
set vpn ipsec ike-group ike-azure proposal 1 hash sha1

A list of documented supported hardware and IKE and ESP configurations settings can be found here:

https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/

PreviousDemand History Outlier Script

Last updated 6 years ago