
ASA to Azure Vnet

softone_itdept
Level 1

ASA version 9.5(2)14

Hello,
I have two VLANs in the internal network, and I want to create a different LAN to VNet (VPN to Azure) for each of them. Can you tell me if it's possible? (ASA 5515)
And if yes, can you please send some guidance?
Thank you


Pulkit Saxena
Cisco Employee

Hi,

Could you please elaborate on your query and also provide a small topology?

-

Pulkit

OK, in my internal network I have a 3850 router, and 2 switches connected to it.

The two switches belong to different companies, so the one has VLAN 10 with IP, let's say, 193.168.10.0

and the other has VLAN 20 with IP, let's say, 193.10.10.0

The one network does not communicate with the other, but the Internet access for both comes from one ASA 5115.

Now I want the first company, VLAN 10, to create a LAN-to-LAN (VNet) Azure VPN,

and the same with the second, VLAN 20.

Is it possible to have 2 LAN-to-LAN VPNs?

Any help will be appreciated.

Thank you

Hi,

In this case you do even need two VPNs to be configured on the 3850 side since it is the same peer (Azure VPN).

So we need to configure one VPN, and then in the interesting traffic, or as some say the crypto ACLs, we need to call both the VLANs, and the destination subnet will be the subnet behind Azure.

http://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-access-routers/71462-rtr-l2l-ipsec-split.html

Check this document; the only difference is that we have two subnets behind our router A, and instead of router B, we have Azure VPN.

-

Pulkit

Rahul Govindan
VIP Alumni

According to MS documentation, you should be able to do 4 VNETS and 6 On premise networks.

https://blogs.technet.microsoft.com/cloudpfe/2014/07/18/microsoft-azure-connecting-multiple-vnets-to-a-vnet/

Configuration guide for both sides for the Azure VPN is given here:

https://supportforums.cisco.com/blog/12926156/site-site-vpn-between-cisco-asa-and-microsoft-azure-virtual-network-arm

Also sample config on the ASA from MS is given here:

https://github.com/Azure/Azure-vpn-config-samples/blob/master/Cisco/Current/ASA/ASA_9.1_and_above_Show_running-config.txt

You would have to add multiple LANs to the network object given in this example.
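
Putting the replies above together (one tunnel to the Azure peer, both VLANs in the crypto ACL, multiple LANs in the network object), the ASA side could look like the fragment below. This is an added example, not part of any reply or of the Microsoft sample config; the /24 masks, the Azure VNet range 10.0.0.0/16, the interface names `inside`/`outside` and every object, ACL and crypto map name are assumptions.

```text
! Added example (assumed names and masks; not from the thread or the MS sample)

! Both on-premises VLAN subnets from the thread, grouped in one object-group.
! The /24 masks are assumed; the thread gives only the network addresses.
object-group network ONPREM-NETS
 network-object 193.168.10.0 255.255.255.0
 network-object 193.10.10.0 255.255.255.0

! Azure VNet address space (constructed placeholder value)
object-group network AZURE-VNET
 network-object 10.0.0.0 255.255.0.0

! Crypto ACL (interesting traffic): both VLANs as source, the VNet as destination
access-list AZURE-VPN-ACL extended permit ip object-group ONPREM-NETS object-group AZURE-VNET

! Exempt the tunnel traffic from NAT so it matches the crypto ACL unchanged.
! Assumes both VLANs are reached through the interface named "inside".
nat (inside,outside) source static ONPREM-NETS ONPREM-NETS destination static AZURE-VNET AZURE-VNET no-proxy-arp route-lookup

! Bind the ACL to the single crypto map entry used for the Azure peer.
! Peer address, IKE/IPsec proposals and tunnel-group come from the linked guides.
crypto map AZURE-MAP 1 match address AZURE-VPN-ACL
crypto map AZURE-MAP interface outside
```

Because this ACL permits both source subnets to the whole VNet range, any separation between the two companies' resources inside Azure has to be enforced there or by narrowing the destination per source subnet. After the tunnel comes up, `show crypto ipsec sa` should list a separate security association for each local subnet.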