References
Refer to these KB articles for VPN setup requirements.
- MS - https://msdn.microsoft.com/library/azure/jj156075.a...
- Sophos Forum Article
Procedure
- Create the Sophos VPN by doing the following:
- Log on to the Sophos UTM admin page
- Browse to Site-to-site VPN, click on IPsec, then click on the Policies tab
- Either clone an existing policy (AES-256) or create a new policy.
- Ensure the following have been set:
- Name – Give it a name (e.g., Azure-AES)
- IKE encryption algorithm – AES 256
- IKE authentication algorithm – SHA1
- IKE SA lifetime – 28800
- IKE DH Group – Group 2: MODP 1024
- IPsec encryption algorithm – AES 128
- IPsec authentication algorithm – SHA1
- IPsec SA lifetime – 3600
- IPsec PFS group – None
- Strict Policy – un-ticked
- Compression – un-ticked
UPDATE – I have had problems with AU-based networks with phase 2, so I have changed IPsec to the following:
- IPSec encryption – AES 128
- IPsec authentication algorithm – SHA1
- IPsec SA lifetime – 3600 (I have also found I need to change this to 28000)
Go to the Remote Gateways tab, create a new Remote Gateway and call it Azure:
- Gateway Type – Initiate connection
- Gateway – The Gateway IP at Azure
- Authentication Type – Preshared key
- Key – the Key that is found in Azure
- VPN ID type – IP Address
- VPN ID – <leave blank>
- Remote Networks – The Azure VPN network
VPN Status should come up as green on both ends
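The following is an added example, not part of the original procedure or any Sophos or Azure tooling: it parses the policy values listed above, flags those below an assumed baseline (MODP groups of at least 2048 bits, SHA2 authentication, PFS enabled), and diffs the UTM policy against the other end's values. The function names and the peer values are constructed for illustration.

```python
import re

# Policy values copied from the procedure above, in its "Field – value" form.
POLICY_TEXT = """\
- IKE encryption algorithm – AES 256
- IKE authentication algorithm – SHA1
- IKE SA lifetime – 28800
- IKE DH Group – Group 2: MODP 1024
- IPsec encryption algorithm – AES 128
- IPsec authentication algorithm – SHA1
- IPsec SA lifetime – 3600
- IPsec PFS group – None
"""

def parse_policy(text):
    """Turn '- Field – value' lines into a dict keyed by field name."""
    policy = {}
    for line in text.splitlines():
        m = re.match(r"\s*-\s*(.+?)\s+[–-]\s+(.+?)\s*$", line)
        if m:
            policy[m.group(1)] = m.group(2)
    return policy

def audit(policy):
    """List (field, value, reason) for settings below the assumed baseline."""
    findings = []
    for field, value in policy.items():
        if "DH Group" in field or "PFS group" in field:
            bits = re.search(r"MODP (\d+)", value)
            if value == "None":
                findings.append((field, value, "phase 2 keys get no fresh DH exchange"))
            elif bits and int(bits.group(1)) < 2048:
                findings.append((field, value, "MODP group is below 2048 bits"))
        elif "authentication algorithm" in field and value.upper() == "SHA1":
            findings.append((field, value, "SHA1; use SHA2 if both peers offer it"))
    return findings

def diff_policies(local, peer):
    """Fields whose values differ between the two ends of the tunnel."""
    return {f: (v, peer[f]) for f, v in local.items() if f in peer and peer[f] != v}

if __name__ == "__main__":
    utm = parse_policy(POLICY_TEXT)
    for field, value, reason in audit(utm):
        print(f"WEAK      {field} = {value}: {reason}")
    # Constructed peer values: same policy with the lifetime from the UPDATE note.
    peer = {**utm, "IPsec SA lifetime": "28000"}
    for field, (ours, theirs) in diff_policies(utm, peer).items():
        print(f"MISMATCH  {field}: UTM={ours} peer={theirs}")
```

Any stronger value has to be offered by both ends, so check what the Azure gateway accepts before changing the UTM policy.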
Azure