Thank you for sharing it. We have setup site to site between Cisco RV345P and Azure network and we have the connection up and we can see Data In/out. but when we try to RDP  to azure VM added to same VNet  from on-premise network its not working. we have tried to ping the azure vm using private ip but is not working. Any Idea? 

 

are there other settings we have to enable in Cisco Router to make the resources between the two private networks visible? another thing we were able to ping the router private ip from azure VM.

 

Thanks 

Hello ahmadsaleh,

Unfortunately, your message does not bring up helpful details, like topology or logs.

I would suggest to analyze logs on both ends first, better around the issue time.

Oleksiy.

Thank you for the reply. Below are my settings:

On premise:

1) VLAN: 192.168.0.20 255.255.255.0.

2) IPSec/IKE profile is the same as you posted.

3) Created site to site vpn :
for local group match with on premise. used the public ip for router and VLAN Ip address
for remote group match with azure. Used the public id for the gateway and address space for azure network

Azure Setting :

1) Created Azure Virtual Network with address space: 10.1.0.0/16

2) Created 2 subnets Azure Virtual Network :
Default: 10.1.0.0/24
GatewaySubnet: 10.1.1.0/24

3) Created Gateway with Policy Based vpn type and basic SKU.

4) Created local network gateway with public id for on premise router and subnet for on premise VLAN network.

5) Created connection of type Site-to-Site(IPsec) using IKEv1 in virtual Gateway. Shared key is the same on both.

6) Created azure VM in azure in the same Azure Virtual Network.

at this point, Do I need to create more settings on azure Like Route Table?

***The connection status on both on premise and azure UP but I have the following issues:

a) When I ping from azure VM, on premise router IP 192.168.0.20 its working.
b) When I ping from azure VM, any on premise resources like file server, is not working.
c) When I RDP the azure vm private IP from on premise network is not working.

Also, could you please help me where I do find the log for the cisco router?

Thanks,
Ahmad

Hello Ahmad,

First, it's a good thing that the tunnel comes up. This means that negotiation policies are okay and the connection has been established successfully.

Another thing, how data is being exchanged. As a base, the proper routing should be set up on both ends, explicitly understand what means 'working' and 'not working' from the tech purpose, use ping not only indicating destination but also paying attention which source is used. Please take into account if any firewall is installed between two ends - this could also affect the traffic behavior.

I would also suggest to use traceroute/tracert/mtr family utulities to collect as much as possible debug info.

I hope this helps.

Oleksiy.

Oleksiy,

 

Does the router still not understand IKEv2 for Azure connections even with the latest firmware 

 

 

@SeanHodgkinson68170 

 

Starting from 1.0.2.16 the RV34x do support IKEv2.

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/Configuring_IKEv2_on_the_RV34x_Series_Router.html

 

Regards,

Martin

I need some help .. Im trying to configure the RV340 to connect site to site to the Azure portal.. I'm sure everything is correct . I have concerns about the IPspec and authentication  . can someone guide me please..