Create an Azure Site-to-Site VPN Solution using a Cisco PIX 501

    Windows Azure provides sample configurations for Cisco ASA and Juniper firewalls to create a site-to-site VPN solution. In my case I only have a Cisco PIX 501, and I needed to build this VPN solution with it. It took me some time to figure out how to do the configuration on the PIX. 🙂

    In this article I'm building a solution that spans the Azure network and the local network, with some VMs in Azure and others on the local network. Below are the steps I followed for this configuration:

    Create a storage account to store your VM VHD files. Creating a storage account lets you assign a meaningful name to the storage location and select the Microsoft data center that will host your VHD and VM files. Select the Storage icon on the right side, then click Create a Storage Account.


Name your storage account and choose its location. If you have multiple subscriptions you can choose the one you want to use, and you can also enable geo-replication if needed (don't do it for SQL VMs).


Create an affinity group to keep the VMs in the same group.


Create the local network. You will need to add the public IP address of your firewall's external adapter, which acts as the VPN gateway.


Add the local network IP address range; this defines the IP address range of your on-premises network.


Register your local DNS server.


Create the virtual network.


Select your DNS server and local network, and configure the site-to-site VPN.


Define the Azure VM networks and the Azure gateway network.


Create a static routing gateway.


Confirm the gateway creation; it takes about 15 minutes to create the gateway.


    Once the gateway is created, note the public IP address assigned by Azure; you will need it for the PIX configuration.


Copy the shared key by clicking Manage Key.


Configure the Cisco PIX firewall. The two object groups and access-list 10 define the interesting traffic (on-premises to Azure), nat 0 exempts that traffic from NAT, the transform-set and crypto map set up the IPsec (phase 2) tunnel towards the Azure gateway's public IP, and the isakmp commands set up IKE phase 1 with the shared key copied above, using AES-256, SHA-1, DH group 2 and a 28800-second lifetime:

    object-group network RP_AzureNetwork
    network-object 172.16.0.0 255.240.0.0
    object-group network RP_OnPremiseNetwork
    network-object 192.168.0.0 255.255.0.0
    access-list 10 permit ip object-group RP_OnPremiseNetwork object-group RP_AzureNetwork
    nat (inside) 0 access-list 10
    sysopt connection tcpmss 1350
    sysopt connection permit-ipsec
    crypto ipsec transform-set RPAzure esp-aes-256 esp-sha-hmac
    crypto ipsec security-association lifetime seconds 3600 kilobytes 102400000
    crypto map RP_Azmap 20 ipsec-isakmp
    crypto map RP_Azmap 20 match address 10
    crypto map RP_Azmap 20 set peer 137.Azure.Public.IP
    crypto map RP_Azmap 20 set transform-set RPAzure
    crypto map RP_Azmap interface outside
    isakmp enable outside
    isakmp key ******** address 137.Azure.Public.IP netmask 255.255.255.255
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes-256
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 28800
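Most failures with a config like this come from cross-references that do not line up (a crypto map pointing at a missing access-list or transform-set, a peer with no isakmp key, isakmp not enabled on the interface the map is bound to). As an added example, not part of the original post or Cisco's tooling, the small Python checker below parses the configuration above (abbreviated to the lines it inspects, with the post's placeholders for the Azure IP and shared key) and reports such inconsistencies before you paste the config into the PIX.

```python
import re

# Constructed sample: the post's PIX configuration, abbreviated to the lines the
# checker inspects (gateway address and pre-shared key stay as the post's placeholders).
PIX_CONFIG = """\
object-group network RP_AzureNetwork
network-object 172.16.0.0 255.240.0.0
object-group network RP_OnPremiseNetwork
network-object 192.168.0.0 255.255.0.0
access-list 10 permit ip object-group RP_OnPremiseNetwork object-group RP_AzureNetwork
nat (inside) 0 access-list 10
sysopt connection permit-ipsec
crypto ipsec transform-set RPAzure esp-aes-256 esp-sha-hmac
crypto map RP_Azmap 20 ipsec-isakmp
crypto map RP_Azmap 20 match address 10
crypto map RP_Azmap 20 set peer 137.Azure.Public.IP
crypto map RP_Azmap 20 set transform-set RPAzure
crypto map RP_Azmap interface outside
isakmp enable outside
isakmp key ******** address 137.Azure.Public.IP netmask 255.255.255.255
isakmp policy 20 authentication pre-share
"""

def check_pix_vpn(config):
    """Return a list of cross-reference problems in a PIX site-to-site IPsec config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def grab(pattern):  # capture-group tuples of every line matching the pattern
        return [m.groups() for l in lines if (m := re.match(pattern, l))]
    problems = []
    groups = {g for (g,) in grab(r"object-group network (\S+)")}
    tsets = {t for (t,) in grab(r"crypto ipsec transform-set (\S+)")}
    nat0 = {a for (a,) in grab(r"nat \(inside\) 0 access-list (\S+)")}
    keyed = {a for (a,) in grab(r"isakmp key \S+ address (\S+)")}
    enabled = {i for (i,) in grab(r"isakmp enable (\S+)")}
    acls = {}
    for num, src, dst in grab(r"access-list (\S+) permit ip object-group (\S+) object-group (\S+)"):
        acls[num] = (src, dst)
        problems += [f"access-list {num} uses undefined object-group {g}" for g in (src, dst) if g not in groups]
    for name, acl in grab(r"crypto map (\S+) \d+ match address (\S+)"):
        if acl not in acls:
            problems.append(f"crypto map {name} matches undefined access-list {acl}")
        elif acl not in nat0:  # interesting traffic must bypass NAT or it never matches the tunnel
            problems.append(f"access-list {acl} is not NAT-exempted (nat (inside) 0)")
    problems += [f"crypto map {n} uses undefined transform-set {t}" for n, t in grab(r"crypto map (\S+) \d+ set transform-set (\S+)") if t not in tsets]
    problems += [f"peer {p} has no isakmp pre-shared key" for (p,) in grab(r"crypto map \S+ \d+ set peer (\S+)") if p not in keyed]
    bound = {i for (_, i) in grab(r"crypto map (\S+) interface (\S+)")}
    problems += [f"isakmp is not enabled on interface {i}" for i in bound - enabled]
    if "sysopt connection permit-ipsec" not in lines:  # otherwise decrypted traffic hits the interface ACLs
        problems.append("sysopt connection permit-ipsec is missing")
    return problems
```

`check_pix_vpn(PIX_CONFIG)` returns an empty list for the configuration above; drop the `isakmp enable outside` line or misspell the transform-set name and it names the broken reference.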

Confirm the VPN connection status.


    Done, you are now connected to Azure.


About Hikmat Kanaan

I'm a big fan of technology; I have worked with almost every MS Windows OS up to Windows 8 and Server 2012, including OS deployment, AD and almost every MS OS service, as well as major MS products (ISA, TMS, Exchange, System Center, SharePoint, SQL), storage systems, networking, security, and Cisco, HP and Checkpoint products. I design and architect IT solutions and infrastructure. I admire automation and working according to best practices toward building highly reliable solutions that provide the required services to the business. I also run the Jordan IT Professionals User Group, http://www.jitpros.net
This entry was posted in Azure, Private cloud, Tips.
