Azure VPN Gateway basic SKU policy and connection setup

TCS Master 0 Reputation points
2024-08-20T01:34:39.2233333+00:00

I created a Basic SKU VPN Gateway and now need to create a policy and connection. Since Basic has several restrictions, IPSec/IKE, I assume setting policy and creating a connection still requires Cloud CLI instead of the portal. I used the following code:

$ipsecpolicy6 = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup24 -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup None -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000

New-AzVirtualNetworkGatewayConnection -Name "TCS_S2S" -ResourceGroupName "WS_basic_vpngw_2" -VirtualNetworkGateway1 $vnet1gw -LocalNetworkGateway2 $lng6 -Location $Location1 -ConnectionType IPsec -IpsecPolicies $ipsecpolicy6 -SharedKey 'AzureA1b2C3'

Unfortunately, the VPN device on-premises does not support DHGroup 24. Before proceeding any further, I want to confirm the default parameters for Basic SKU and determine if "ipsecpolicy6" is not the default policy. Any help would be appreciated. Thank you.


1 answer

  1. KapilAnanth-MSFT 46,016 Reputation points Microsoft Employee
    2024-08-20T10:09:15.0266667+00:00

    @TCS Master ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    Unless you are using a Classic VNET/VPN Gateway, you should be able to use Azure CLI/PowerShell both in Cloud Shell and on a local server.

    The Default IPsec/IKE parameters are defined here. You can refer to this and validate if the default matches your requirement.

    However, please note that custom policy parameters are supported only in the following gateway SKUs:

    • VpnGw1~5 and VpnGw1AZ~5AZ
    • Standard and HighPerformance

    This means you cannot define a custom policy on a Basic SKU.

    Hope this adds more clarity.

    Cheers,

    Kapil

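The SKU restriction described in the answer can be checked in the script before a custom policy is attached. The following is an added example, not code from the thread or from Microsoft: the gateway and local network gateway names are placeholders, and DHGroup14 is an assumed value chosen only for illustration.

```powershell
# Added example. Values in <...> are placeholders, not taken from the thread.
$rg      = 'WS_basic_vpngw_2'               # resource group named in the question
$gwName  = '<vnet-gateway-name>'            # placeholder
$lngName = '<local-network-gateway-name>'   # placeholder

$gw  = Get-AzVirtualNetworkGateway -Name $gwName  -ResourceGroupName $rg
$lng = Get-AzLocalNetworkGateway   -Name $lngName -ResourceGroupName $rg

# Prompt for the pre-shared key so it is not stored in the script or its history.
$secure    = Read-Host -Prompt 'Pre-shared key' -AsSecureString
$sharedKey = [System.Net.NetworkCredential]::new('', $secure).Password

# Parameters common to both cases (splatted into the cmdlet at the end).
$conn = @{
    Name                   = 'TCS_S2S'
    ResourceGroupName      = $rg
    VirtualNetworkGateway1 = $gw
    LocalNetworkGateway2   = $lng
    Location               = $gw.Location
    ConnectionType         = 'IPsec'
    SharedKey              = $sharedKey
}

# SKUs the answer lists as supporting custom IPsec/IKE policy parameters.
$customPolicySkus = '^(VpnGw[1-5](AZ)?|Standard|HighPerformance)$'

if ($gw.Sku.Name -match $customPolicySkus) {
    # Assumption: DHGroup14 stands in for a group the on-premises device supports.
    $conn.IpsecPolicies = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 `
        -DhGroup DHGroup14 -IpsecEncryption AES256 -IpsecIntegrity SHA256 `
        -PfsGroup None -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000
}
else {
    # Basic (and any other unlisted SKU): omit -IpsecPolicies so the gateway
    # negotiates with its default IPsec/IKE parameters.
    Write-Warning "Gateway SKU '$($gw.Sku.Name)' does not support a custom IPsec/IKE policy; using defaults."
}

New-AzVirtualNetworkGatewayConnection @conn
```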
