How to create site to site Policy based VPN tunnel between Azure and Cisco ASA step by step

Below are the steps to create a Azure VNET IPSEC tunnel to Cisco ASA on premise

Follow the step by step configurations

Create a VNET which is like creating a Virtual Data center by clicking on the + sign+Networking+Virtual network

Below are settings you will need to input

  • Name of the Virtual Network
  • Address Space – I recommend creating  /16
  • Name of the Subnet – you can have one big subnet and control access by Security Groups
  • Will need to define the subnet range
  • You can have multiple subscriptions – Choose the one you like
  • Create a new Resource group unless there is one you want to use and is created


Create a Virtual Network Gateway  clicking on the + sign and adding the following values

  • Name of the Gateway
  • Choose “VPN”
  • Choose “Polic Based”
  • Choose the VNET that you created initially in the previous step
  • Choose  Public IP will give you option to create a new IP which will be your Peer IP for IPsec tunnel

You will now need to create Local Gateway and steps are listed below

  • Click on the + sign
  • Choose Networking
  • Choose Local Network Gateway
  • Choose the name of the gateway
  • Public IP address of the your Cisco VPN ASA
  • Local address space behind the Cisco ASA
  • Choose the Resource group
  • Click on create

Now you will need to create a connection – steps listed below

  • Click the + sign
  • Choose Networking
  • Choose Connection
  • Choose the Name in Basic Settings
  • Choose the Virtual Network gateway
  • Choose the Local Gateway
  • Choose the Connection
  • Input the Pre-shared key
  • Click to create to create the connection

This completes VPN setup steps in Azure – below are the objects you should see when you are done

  1. local network gateway
  2. Virtual network
  3. Virtual network gateway
  4. Public IP address
  5. Connection

Now that the Azure side is completed, you will need to configure the Cisco ASA side





Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button