Configuring site-to-site VPN for Cloud Edge and Azure Network

    • Updated: 27 Jan 2020
    • Product/Version: Cloud Edge 5.0, Cloud Edge 5.2, Cloud Edge 5.3, Cloud Edge 5.5
    • Platform: N/A
Summary

Learn how to set up a site-to-site VPN between Cloud Edge and Azure Network.

Details
  1. Configure the virtual network.
    1. Log in to your Azure account.
    2. Click Create a resource.

    3. Search for Virtual Network and click Create.

    4. Fill out the information needed on the virtual network creation page, then click Create.

      Free trial was used for this testing.
  2. Configure the virtual network gateway.
    1. In the Azure dashboard, click Create a resource.
    2. Search for Virtual network gateway and click Create.

    3. Enter the settings for your virtual network gateway.
      • VPN type: Policy-based
      • Virtual network: Select the network created in Step 1.
      • Public IP address: Create a new public IP address if one is not available.

    4. Click Next: Tags and enter the settings on the Tags page.

    5. Click Next: Review + create.
    6. Click Create to start creating a virtual network gateway.

  1. In the Azure Dashboard, click Create a resource.
  2. Search for Local network gateway and click Create.

  3. Enter the settings for your virtual network gateway.
    • IP address: Public IP used by Cloud Edge appliance
    • Address space: Local subnet under Cloud Edge appliance

  4. Click Create.
  1. In the Azure dashboard, locate and select the created Local Network Gateway.
  2. Under Settings, go to Connection and click Add.

  3. Input the settings for the new IP security (IPSec) site-to-site connection. For the following fields, select the network gateways created in the previous steps:
    • Virtual Network Gateway
    • Local Network Gateway

  4. Click Create to build the IPSec site-to-site connection.
  1. Log in to the Cloud Edge Cloud Console (CECC).
  2. Select the Policies tab and click IP Addresses/FQDNs.
  3. Click Add and create two (2) IP Address objects:
    • IP address for local network protected by Cloud Edge appliance
    • IP address for Azure virtual network

  4. Click the Gateways tab and select the registered Cloud Edge Appliance.

  5. Access Site-to-Site VPN.
  6. Go to the Policies tab and click Add.
  7. Configure the following for the IPSec Policy:
    • IKE encryption algorithm: Change from AES 128 to AES 256
    • IPSec encryption algorithm: Change from AES 128 to AES 256

  8. Click Save.
  9. Go to the Connections tab and click Add.
  10. Configure the following settings:
    • Gateway: Input the Public IP address used by Azure Virtual Network Gateway
    • Remote ID: Input the Public IP address used by Azure Virtual Network Gateway
    • Local Networks: Select the IP address object for the local network protected by the Cloud Edge appliance (Step 3)
    • Remote Networks: Select the IP address object for the local network protected by the Azure virtual network (Step 3)
    • Key and Confirm Key: Input the same shared key used by the Azure site-to-site IPSec connection.
    • Policy Name: Select the policy created in Step 6
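
The settings above have to mirror each other on the Azure and Cloud Edge sides before the tunnel can come up. The following is an added example, not part of the original article or of any Trend Micro or Azure tooling: an offline check over values copied by hand from both consoles. The dictionary keys are hypothetical names, and every address and the key are constructed samples.

```python
import ipaddress

# Constructed sample values (documentation and private ranges), not from the page.
AZURE = {
    "vng_public_ip": "203.0.113.10",         # virtual network gateway public IP
    "vnet_address_space": "10.1.0.0/16",     # Azure virtual network
    "lng_ip_address": "198.51.100.20",       # local network gateway: IP address
    "lng_address_space": "192.168.10.0/24",  # local network gateway: Address space
    "shared_key": "constructed-example-key",
}
CLOUD_EDGE = {
    "wan_public_ip": "198.51.100.20",        # public IP used by the appliance
    "gateway": "203.0.113.10",
    "remote_id": "203.0.113.10",
    "local_networks": "192.168.10.0/24",
    "remote_networks": "10.1.0.0/16",
    "key": "constructed-example-key",
    "ike_encryption": "AES 256",
    "ipsec_encryption": "AES 256",
}

def check_tunnel(azure, ce):
    """Return a list of mismatches between the two sides; empty means consistent."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    problems = []
    for field in ("gateway", "remote_id"):
        if ip(ce[field]) != ip(azure["vng_public_ip"]):
            problems.append(f"{field} is not the Azure gateway public IP")
    if ip(azure["lng_ip_address"]) != ip(ce["wan_public_ip"]):
        problems.append("Azure local network gateway IP is not the Cloud Edge public IP")
    # ip_network() raises ValueError on host bits, which catches mistyped prefixes.
    local, remote = net(ce["local_networks"]), net(ce["remote_networks"])
    if local != net(azure["lng_address_space"]):
        problems.append("Local Networks differs from the Azure address space entry")
    if remote != net(azure["vnet_address_space"]):
        problems.append("Remote Networks differs from the Azure virtual network")
    # Not stated on the page: overlapping ranges cannot be routed through a tunnel.
    if local.overlaps(remote):
        problems.append("local and remote networks overlap")
    if ce["key"] != azure["shared_key"]:
        problems.append("shared key differs between the two sides")  # never echo keys
    for field, label in (("ike_encryption", "IKE"), ("ipsec_encryption", "IPSec")):
        if ce[field] != "AES 256":
            problems.append(f"{label} encryption algorithm is {ce[field]}, expected AES 256")
    return problems

if __name__ == "__main__":
    print(check_tunnel(AZURE, CLOUD_EDGE) or "both sides are consistent")
```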

Cloud Edge Cloud Console

  1. Access Gateways and select the registered Cloud Edge appliance.
  2. Go to Site-to-Site VPN and click Status.
  3. Check for "ESTABLISHED" and "INSTALLED" to confirm that the tunnel was set up successfully.

Azure

  1. Open the Azure portal dashboard.
  2. Click All Resources, then locate your virtual network gateway.
  3. Click Connections. The status should show as connected for a successful connection.

Category: Configure
Solution Id: 000238715