Sophos UTM - setup a site to site VPN to Azure


References

Refer to the Sophos KB article on VPN setup requirements before starting.

Procedure

  • Create the IPsec policy on the Sophos UTM as follows
  • Log on to the Sophos UTM WebAdmin page
  • Browse to Site-to-site VPN > IPsec and click the Policies tab
  • Either clone an existing policy (AES-256) or create a new policy
  • Ensure the following has been set. These match the defaults Azure publishes for its policy-based VPN gateways; SHA1 and DH group 2 (MODP 1024) are weak by current standards and should only be used because the peer requires them
    • Name – give it a name (e.g. Azure-AES)
    • IKE encryption algorithm – AES 256
    • IKE authentication algorithm – SHA1
    • IKE SA lifetime – 28800
    • IKE DH group – Group 2: MODP 1024
    • IPsec encryption algorithm – AES 128
    • IPsec authentication algorithm – SHA1
    • IPsec SA lifetime – 3600
    • IPsec PFS group – None
    • Strict policy – unticked
    • Compression – unticked

UPDATE – I have had problems with AU-based networks with phase 2, so I have changed IPsec to the following

  • IPsec encryption – AES 128
  • IPsec authentication algorithm – SHA1
  • IPsec SA lifetime – 3600 (I have also found I need to change this to 28000)

Go to the Remote Gateways tab, create a new Remote Gateway and call it Azure

  • Gateway type – Initiate connection
  • Gateway – the public IP address of the Azure VPN gateway
  • Authentication type – Preshared key
  • Key – the pre-shared key configured on the Azure connection (use a long random key; it must match exactly on both sides)
  • VPN ID type – IP Address
  • VPN ID – <leave blank>
  • Remote networks – a network definition covering the Azure virtual network address space

Finally, on the Connections tab create an IPsec connection that uses the Azure remote gateway, the Azure-AES policy and your local network. Once it is enabled, the VPN status should come up as green on both ends.
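To see why these exact parameters matter, here is an added example (not code from the original post, and not Sophos or Microsoft code) that models IKEv1 proposal matching between the UTM policy above and an Azure policy-based gateway, and flags the legacy algorithms the tunnel relies on. The accepted Azure set is an assumption taken from Microsoft's published defaults for policy-based gateways (IKE: AES256/SHA1/DH group 2/28800 s; IPsec: AES256, AES128 or 3DES with SHA1, PFS none, 3600 s) and should be checked against current documentation; the names `Proposal`, `negotiate` and `check_site_to_site` are hypothetical.

```python
# Added example, not code from the original post or from Sophos/Microsoft.
# Models IKEv1 proposal matching between the post's Sophos UTM policy and an
# Azure policy-based VPN gateway, and flags legacy algorithms.
# Assumption: the Azure side accepts the parameters Microsoft publishes for
# policy-based gateways (IKE AES256/SHA1/DH group 2/28800 s; IPsec AES256,
# AES128 or 3DES with SHA1, PFS none, 3600 s). Verify against current docs.
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Proposal:
    enc: str            # encryption, e.g. "aes256", "aes128", "3des"
    auth: str           # integrity, e.g. "sha1", "sha256"
    dh: Optional[str]   # IKE DH group, or PFS group for IPsec (None = no PFS)
    lifetime: int       # SA lifetime in seconds


# Phase 1 / phase 2 values exactly as listed in the post's "Azure-AES" policy
UTM_IKE = Proposal("aes256", "sha1", "modp1024", 28800)
UTM_ESP = Proposal("aes128", "sha1", None, 3600)

# Assumed accepted sets for an Azure policy-based gateway (see header note)
AZURE_IKE = {Proposal("aes256", "sha1", "modp1024", 28800)}
AZURE_ESP = {Proposal(enc, "sha1", None, 3600) for enc in ("aes256", "aes128", "3des")}

# Parameters that still negotiate but are below current recommendations
WEAK = {
    "sha1": "SHA-1 integrity",
    "modp1024": "1024-bit DH (group 2)",
    "3des": "3DES encryption",
}


def negotiate(offered: Iterable[Proposal], accepted: Iterable[Proposal]
              ) -> Tuple[Optional[Proposal], List[str]]:
    """Pick the first offered proposal whose algorithms the responder accepts.

    Algorithms (enc/auth/dh) must match exactly.  Lifetime is not part of the
    match: an IKEv1 responder can answer with its own shorter lifetime, so a
    mismatch is reported as a warning rather than a failure.  Returns
    (chosen, messages); chosen is None when nothing matched.
    """
    accepted = list(accepted)
    messages: List[str] = []
    for prop in offered:
        for ok in accepted:
            if (prop.enc, prop.auth, prop.dh) == (ok.enc, ok.auth, ok.dh):
                if prop.lifetime != ok.lifetime:
                    messages.append(
                        f"lifetime mismatch: offered {prop.lifetime}s, "
                        f"peer uses {ok.lifetime}s; the shorter value wins, "
                        "strict peers may reject")
                return prop, messages
        messages.append(f"no match for {prop}")
    return None, messages


def weak_algorithms(prop: Proposal) -> List[str]:
    """Return the legacy algorithm names used by a proposal."""
    return [name for name in (prop.enc, prop.auth, prop.dh) if name in WEAK]


def check_site_to_site(ike: Proposal, esp: Proposal) -> dict:
    """Run both phases against the assumed Azure sets and summarise."""
    ike_choice, ike_msgs = negotiate([ike], AZURE_IKE)
    esp_choice, esp_msgs = negotiate([esp], AZURE_ESP)
    return {
        "phase1_ok": ike_choice is not None,
        "phase2_ok": esp_choice is not None,
        "warnings": ike_msgs + esp_msgs,
        "weak": sorted(set(weak_algorithms(ike) + weak_algorithms(esp))),
    }


if __name__ == "__main__":
    for key, value in check_site_to_site(UTM_IKE, UTM_ESP).items():
        print(f"{key}: {value}")
```

Running the check with the post's values passes both phases but lists `modp1024` and `sha1` as weak; enabling a PFS group on the UTM side, which the Azure policy-based gateway does not support, fails phase 2 outright, while a longer IPsec lifetime such as the 28000 s mentioned in the update only produces a warning in this model.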

Azure

