08-26-2017 08:57 AM - edited 02-21-2020 06:14 AM
Hi
I am trying to set up an IPSec VPN from an ASAv in Azure to an on-premises firewall (ASA5515).
I am pasting the relevant configuration from the ASAv here:
object network OBJ-AZURE-LONDON-247
subnet 10.247.2.0 255.255.254.0
object network OBJ-LON-ONPREM
subnet 10.144.0.0 255.255.0.0
access-list OUTSIDE_cryptomap extended permit ip object OBJ-AZURE-LONDON-247 object OBJ-LON-ONPREM
crypto ipsec ikev2 ipsec-proposal IKEV2-IPSEC-ESP-AES256-SHA512
crypto map VPN-MAP 1 match address OUTSIDE_cryptomap
crypto map VPN-MAP 1 set peer 185.122.16.254
crypto map VPN-MAP interface management
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev2
tunnel-group 1 type ipsec-l2l
tunnel-group 1 general-attributes
default-group-policy GroupPolicy1
tunnel-group 1 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
The LAN on the Azure side is a VNET which I have peered with the VNET of the ASA-VM.
My understanding is that the public IP of ASAv NIC0 will be translated to the private IP on which the IPSec tunnel will be created, so I haven't configured any IPs on the ASA manually.
fidasr-asav# show ip
System IP Addresses:
Interface Name IP address Subnet mask Method
Management0/0 management 10.0.0.4 255.255.255.248 DHCP
Current IP Addresses:
Interface Name IP address Subnet mask Method
Management0/0 management 10.0.0.4 255.255.255.248 DHCP
fidasr-asav#
Not only am I unable to bring the tunnel up, but I am also not able to ping from the ASAv to a VM which is located in another VNET.
fidasr-asav# show route
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 10.0.0.1, management
C 10.0.0.0 255.255.255.248 is directly connected, management
L 10.0.0.4 255.255.255.255 is directly connected, management
So I am sure I am missing something on the Azure routing side during deployment of the ASAv.
08-26-2017 03:26 PM
I am actually able to ping the ASAv's internal IP from the VM now since I have created the peering in both VNETs.
But I am still stuck with establishing the IPSec VPN. Both sides are saying:
Initial exchange failed
This suggests the two firewalls are not able to talk to each other.
Is there any special configuration on the management interface required so it can start to accept IPSec packets from internet?
Please help.
thanks
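Added example, not part of the original thread: a small checker that runs the crypto and tunnel-group lines pasted above against the usual ASA IKEv2 site-to-site requirements (IKEv2 enabled on the interface the crypto map is bound to, an IKEv2 policy, an ESP proposal with encryption and integrity that is attached to the map, and a tunnel-group named after the peer IP so the configured pre-shared key is actually used). The finding codes and the helper name are my own choices.

```python
import re

# Constructed input: the crypto and tunnel-group lines as pasted in the post
# above (sub-command indentation is lost in the paste, as in the post).
POSTED_CONFIG = """
crypto ipsec ikev2 ipsec-proposal IKEV2-IPSEC-ESP-AES256-SHA512
crypto map VPN-MAP 1 match address OUTSIDE_cryptomap
crypto map VPN-MAP 1 set peer 185.122.16.254
crypto map VPN-MAP interface management
tunnel-group 1 type ipsec-l2l
tunnel-group 1 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
"""

# Prefixes that end the sub-command block of an ipsec-proposal.
TOP_LEVEL = ("crypto ", "tunnel-group ", "group-policy ", "object ", "access-list ")


def check_ikev2_l2l(config):
    """Return finding codes for gaps in an ASA IKEv2 site-to-site configuration."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # The crypto-map interface must have IKEv2 enabled, and the map entry
    # must reference an IKEv2 ipsec-proposal.
    for m in filter(None, (re.match(r"crypto map (\S+) interface (\S+)", l) for l in lines)):
        cmap, iface = m.groups()
        if f"crypto ikev2 enable {iface}" not in lines:
            findings.append(f"ikev2-not-enabled:{iface}")
        if not any(re.match(rf"crypto map {re.escape(cmap)} \d+ set ikev2 ipsec-proposal ", l) for l in lines):
            findings.append(f"map-without-ikev2-proposal:{cmap}")
    # An IKEv2 policy (phase 1 parameters) must exist.
    if not any(l.startswith("crypto ikev2 policy ") for l in lines):
        findings.append("no-ikev2-policy")
    # Each ipsec-proposal needs ESP encryption and integrity sub-commands.
    for i, l in enumerate(lines):
        m = re.match(r"crypto ipsec ikev2 ipsec-proposal (\S+)", l)
        if m:
            body = []
            for sub in lines[i + 1:]:
                if sub.startswith(TOP_LEVEL):
                    break
                body.append(sub)
            for kind in ("encryption", "integrity"):
                if not any(s.startswith(f"protocol esp {kind}") for s in body):
                    findings.append(f"proposal-missing-{kind}:{m.group(1)}")
    # With pre-shared keys, the L2L tunnel-group is looked up by peer IP.
    for m in filter(None, (re.match(r"crypto map \S+ \d+ set peer (\S+)", l) for l in lines)):
        if f"tunnel-group {m.group(1)} type ipsec-l2l" not in lines:
            findings.append(f"no-tunnel-group-for-peer:{m.group(1)}")
    return findings
```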