
Configuring / debugging RV134W VPN to Azure VPN Gateway (Basic SKU)

john.pavel
Level 1

It looks as if it should be very straightforward to configure the RV134W to connect to an Azure VN gateway: put in the gateway and subnet addresses, and let it go.  However, I don't get a connection.  I'm using the Basic SKU.  The logging is unilluminating (information ignored, etc).

 

Any suggestions for debugging?

4 Replies

ktonev
Cisco Employee

Hi John,

Without any specific information I can only suggest to double check the available options you have on both sides of the IPsec tunnel and ensure that you are using identical settings (i.e. same DH group, encryption method, etc.). You can also configure Logging for Informational or Debugging to see more information in the log table.

If you are still unable to get the VPN established I'd suggest to call our support centre for further assistance as this may be the quickest way to resolve this.

Thanks,
Kris

Thanks. I'm sorry about the lack of specific information, but that's part of the problem: it's quite hard to debug what is going on, even looking at the logging.


Documentation request: It would be helpful to have a documented example of a working S2S Azure setup for Basic and for one of the more advanced SKUs.


It should work. MS provide a sample config, although that is, of course, not directly configurable on the RV134w:

https://github.com/Azure/Azure-vpn-config-samples/blob/master/Openswan/ipsec.conf


At least part of the problem will be that the current OpenSwan build on the RV134w firmware is from 2013 and so does not really support IKEv2 (although the documentation fails to point that out). Feature request: update to a more current version of OpenSwan, or to whatever VPN package is currently best supported (StrongSwan, etc).


If you can suggest what I can do to offer you some better diagnostics to consider, I'd be happy to provide them, but it would be more productive for you to establish a working example so that you can examine things more closely for yourselves.


Thanks, jrp




Well, I tried this again and I now have a tunnel!  I don't know what, if anything, I did differently, but the SA came up and the tunnel is established to a policy-routing based Azure gateway using just the simple setup.  Perhaps the Azure side wasn't fully provisioned last time I tried, or I mistyped an address or ...  Hard to tell in the absence of error messages.

 

There are still some error messages in the log:

IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)

but they don't seem to affect anything.

 

Having got the tunnel up, I now need to figure out how to

= make the setup robust -- both endpoints use dynamic IP addresses

= set up DNS

= ensure that routing works in both directions.  At present, I seem to be able to ping things in both directions without the Azure subnet appearing on the RV134w routing table.

Trying to do this for the RV345 but not getting a connection. Any possible way for you to provide us with some guide/screenshots on how your setup is configured that might clue us in on what we are missing?