Having issues getting the CSR 1000v in Azure to form any IPsec tunnels. The remote site is a SonicWall and unfortunately I do not have access to its configuration... let's assume it's configured correctly for IKEv1 route based tunnels..
I've also stood up a physcial FortiGate at a remote site and another CSR 1000v in Azure for testing. No matter what I cannot get past phase 1. It looks like phase 1 comes up but phase 2 just will not. Here is the config on the CSR:
*I'm using IP unnumbered because the remote SonicWall IT folks are telling me that they do not have a tunnel IP address.
crypto keyring ECW-VPN-KEYRING
pre-shared-key address 0.0.0.0 0.0.0.0 key SuperSecret0101
!
!
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp keepalive 10 periodic
crypto isakmp profile VPN-PROFILE
keyring VPN-KEYRING
match identity address <remote site public> 255.255.255.255
!
!
crypto ipsec transform-set VPN-XFORM esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto ipsec profile IPSEC-PROFILE
set security-association lifetime seconds 28800
set transform-set VPN-XFORM
set isakmp-profile VPN-PROFILE
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.100.1 255.255.255.0
!
interface Tunnel0
ip address unnumbered GigabitEthernet1
tunnel source GigabitEthernet1
tunnel destination <remote site public>
tunnel protection ipsec profile IPSEC-PROFILE
!
interface GigabitEthernet1
ip address dhcp
negotiation auto
no mop enabled
no mop sysid