
Route the same LAN network through IPSec

Posted: 23 Sep 2020, 18:07
by JonPre
Hello team,

I would like to know if it's possible to implement the scheme in the attachment.
[Attachment: Schema W3COM AZURE ORANGE.jpg]
The idea is to enable the communication between 10.1.1.4 and 10.254.254.2 by using the intermediate gateway 10.1.1.62.

I know it's unusual but it's a necessity.

Thanks for your help.

Re: Route the same LAN network through IPSec

Posted: 25 Sep 2020, 12:50
by gregober
Hello Jon,

Yes, I think it is possible to do that without any problem.

You probably will have to go through the details of the configuration of IPsec proposed by Microsoft.
This seems to be detailed here: https://docs.microsoft.com/fr-fr/azure/ ... ger-portal

It looks like they are using the following:
  • For phase one:
    • Key exchange: auto
    • Remote GW: depending on your location
    • Authentication mode: Mutual PSK
    • Negotiation mode: Main
    • My ID: My IP
    • Peer ID: Peer IP
    • Encryption P1: AES 256 - SHA256 - DH Group 2
  • For phase two:
    • List remote network
    • Also in AES 256
    • List local network

You'll need to add the right FW rules in order to secure all this…
But basically this should do it!