Azure VPN with dynamic Cisco WAN interface

Paul Smith · ‎05-31-2017

Hi Guys,

I have been tasked with creating a VPN connection from a 2901 router to an Azure VPN. I have done this fine on other routers with static IP's but this one will be a dynamic IP. The reason it is dynamic is because the WAN interface is 4G and I am told that the ISP (Telstra) cannot provide a static IP with 4G. I believe the configuration on the Azure end requires a static IP as a reference for the remote VPN. I am wondering if there is an option to use DynDNS or similar? Another option may be to do an aggressive mode VPN from the Cisco side but I am not sure if Azure supports this. Any ideas?

daniel.rodas1 · ‎08-03-2020

I am having similar issue but, my router is behind NAT. And I enabled IPSec pass-through and port forwarding on UDP 500 and 4500 to my router.

What should the tunnel source IP be? Local router interface, or the NAT public IP?
Also, I am not able to ping the Azure local network gateway IP address from my router. Is that expected?

Thanks,

Daniel R

Richard Burts · ‎08-04-2020

Daniel R

I would expect the configured tunnel source to be the router local interface.

When you attempt to ping are you just doing a normal ping or are you specifying the source for the ping. The real question is whether the source address of the ping is included in the addresses to be sent through the vpn. Normal ping probably uses the router outside interface address and probably is not included in the vpn. ping using the router inside interface address as source has a better chance of being included in the vpn.

HTH

Rick