Site-to-Site IPSEC between AWS and Azure (VM-Series)

sscarola — Thu, 02 Nov 2023 15:31:51 GMT

I am trying to setup an IPSEC Site-to-Site VPN between our azure and aws environment, both of which have VM-300 series fw's running. I am able to get the tunnel up and see traffic coming across the link, but when i try and reach a resource on either end via PING/TRACE etc.. there is no response. I see the requests for the traffic in the PA going in/out the correct interfaces, but it seems like once its hits the vnet/subnet in Azure/AWS it just dies.

Is the configuration supported, or would it require setting up the respective cloud native VPN components (which i really dont want to). We would prefer to send everything directly through the PA's.

Re: Site-to-Site IPSEC between AWS and Azure (VM-Series)

sscarola — Thu, 02 Nov 2023 20:27:05 GMT

determined its supported, since after double checking the security groups on AWS found that the allow rules for Azure traffic were missing. Now I am able to come across the link from Azure and connect to/ping resources in AWS. Still unable to ping/connect to any resources in Azure though from AWS..ive checked out route tables and nsg's in azure and all appears to be ok though..thoughts?

topic Re: Site-to-Site IPSEC between AWS and Azure (VM-Series) in VM-Series in the Public Cloud

Site-to-Site IPSEC between AWS and Azure (VM-Series)

Re: Site-to-Site IPSEC between AWS and Azure (VM-Series)