This knowledge base article explains how to set up an IPsec connection from the Sophos UTM to Microsoft Azure. This article goes through each step required to have a functional virtual network to connect to Azure. Please adapt these steps to fit your existing environment. The following sections are covered:
Applies to the following Sophos products and versions: Sophos UTM
The example below describes the steps to build a new environment but can be easily adapted to an existing environment.
The Virtual Network defines the address space used in Azure, as well as which subnets are in that network.
The Virtual Network Gateway defines the external IP with which VPN tunnels can be created. It also defines which networks can be accessed by those VPNs.
The Local Network Gateway specifies the public IP and private IPs of local networks that may establish a connection to Azure.
The connection defines a specific VPN tunnel and which networks may access it.
The UTM will be set up like any normal IPsec tunnel except that we must make an encryption policy specific to Azure's requirements.
This defines the remote address the UTM will connect to.
The IPsec Policy defines the encryption and other security parameters used by the IPsec tunnel. Azure has specific requirements and we have found that these settings work best.
This creates the IPsec tunnel by selecting a Remote Gateway, Policy and defining which local networks can access the tunnel.
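The Azure objects and the UTM objects described above have to agree on addresses before the tunnel can carry traffic. The following pre-flight check is an added example, not Sophos or Microsoft code: the dictionary keys, the `validate_plan` helper and the UTM "remote networks" field are assumptions made for illustration, all addresses are constructed, and it checks addressing only, not the encryption settings.

```python
import ipaddress as ip

def validate_plan(plan):
    """Return a list of problems; an empty list means both sides agree."""
    az, utm = plan["azure"], plan["utm"]
    nets = lambda items: [ip.ip_network(n) for n in items]
    vnet = nets(az["vnet_address_space"])
    lng = nets(az["local_gateway_networks"])

    def covered(net, pool):
        return any(net.version == p.version and net.subnet_of(p) for p in pool)

    problems = []
    for name, cidr in az["subnets"].items():
        if not covered(ip.ip_network(cidr), vnet):
            problems.append(f"subnet {name} {cidr} is outside the Virtual Network address space")
    for n in lng:
        if any(n.overlaps(v) for v in vnet):
            problems.append(f"local network {n} overlaps the Virtual Network address space")
    if ip.ip_address(az["local_gateway_public_ip"]) != ip.ip_address(utm["external_ip"]):
        problems.append("Local Network Gateway public IP is not the UTM external IP")
    if ip.ip_address(utm["remote_gateway_address"]) != ip.ip_address(az["vnet_gateway_public_ip"]):
        problems.append("UTM Remote Gateway does not point at the Virtual Network Gateway IP")
    for n in nets(utm["tunnel_local_networks"]):
        if not covered(n, lng):
            problems.append(f"UTM local network {n} is not listed on the Local Network Gateway")
    for n in nets(utm["remote_networks"]):
        if not covered(n, vnet):
            problems.append(f"UTM remote network {n} is outside the Virtual Network address space")
    return problems

# Constructed sample plan: documentation and RFC 1918 ranges, not real hosts.
GOOD = {
    "azure": {"vnet_address_space": ["10.10.0.0/16"],
              "subnets": {"servers": "10.10.1.0/24", "gateway": "10.10.255.0/27"},
              "vnet_gateway_public_ip": "203.0.113.10",
              "local_gateway_public_ip": "198.51.100.20",
              "local_gateway_networks": ["192.168.0.0/24"]},
    "utm": {"external_ip": "198.51.100.20",
            "remote_gateway_address": "203.0.113.10",
            "remote_networks": ["10.10.0.0/16"],
            "tunnel_local_networks": ["192.168.0.0/24"]},
}
# Same plan with two typical mistakes: an overlapping and an unlisted local network.
BAD = {"azure": dict(GOOD["azure"], local_gateway_networks=["10.10.8.0/24"]),
       "utm": dict(GOOD["utm"], tunnel_local_networks=["192.168.5.0/24"])}

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, validate_plan(plan) or "consistent")
```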