Create a Side-to-Side VPN with AZURE and Sophos

In this short article, I want you to show how easy it is to create a VPN between your private network and an AZURE Cloud network.

Table of Content

Azure

First of all, we have to think about the planned network, to get a plan of what we want to do… So I want to create an AZURE network that connects to my local network. I, for example, have the following network specifications:

Local Network Range: 10.10.3.0 /24

Azure Network Range: 10.100.0.0/16

Now we start with the AZURE part. First, we create a new Ressource Group for the project, to get a better overview.

As the first network component, we add a virtual network to our space with the size 10.100.0.0/16 (it needs to be that big in order to deploy multiple networks in it). Before we finish the configuration, we add a network to it:
Sub1: 10.100.1.0 /24 (In this range we deploy the servers)

The next step is to create a virtual network gateway, the gateway point to our newly created gateway subnet, and need a new public IP address. For a working gateway, we need a public IP and an access range, so we chose the before create a virtual network and add as gateway subnet range 10.100.0.0/24 (Can be much smaller if needed).

Now we have to define the Sophos Firewall for this, we create a local network gateway with the Information of our local firewall.

Finally, we add a connection to the gateway. To get a working connection, we need the local network gateway, virtual network and gateway and a preshared key.

Sophos

To get the VPN up we have to do a few steps on ouer Sophos Firewall:

  1. Create the network 10.100.0/16 (I named it Azure_Sub1) in Hosts-Services
  2. Create an In & Out Bound Rule on the firewall

3. Create the Side-to-Side VPN with the following settings:

General Settings:

  • Name: Input any preferred name.
  • IP Version: IPv4.
  • Activate on Save: Selected.
  • Description: Add a description for the connection.
  • Connection Type: Site-to-Site.
  • Gateway Type: Respond only

Encryption:

  • Policy: The recently cloned Microsoft Azure.
  • Authentication Type: Preshared Key.
  • Preshared Key: Enter the same preshared key that you entered when creating the VPN connection on Azure.
  • Repeat Preshared Key: Confirm the preshared key from above

Gateway Settings:

  • Listening Interface: Select the WAN interface of the Sophos XG Firewall.
  • Gateway Address: Input the public IP of the Azure VPN gateway noted earlier.
  • Local ID: IP Address.
  • Remote ID: IP Address.
  • Local ID: Enter the public IP of the on-premise Sophos XG Firewall.
  • Remote ID: Input the public IP of the Azure VPN gateway that you noted earlier.
  • Local Subnet: Enter the local subnet created earlier. This subnet is behind the on-premise Sophos XG Firewall.
  • Remote Subnet: Enter the remote subnet created earlier. This subnet is behind the Azure virtual network gateway.

In the VPN overview, you can now click on the red dots to fire the VPN up.

Now you if both dots stay green, you can double-check your settings in AZURE, in on the gateway under point connections. There you can see if you have some traffic on it.

The Short Way

  1. Azure
    1. Create a Virtual Network
    2. Create a Virtual Network Gateway
    3. Create a Local Network Gateway
    4. Create a connection in the Virtual Network Gateway
  2. Sophos
    1. Create an AZURE network range in Hosts-Services
    2. Create an IN & OUT bound rule for the AZURE Network
    3. Create the Side-to-Side VPN
    4. Fire the VPN up

Leave a Reply

Powered by WordPress.com.

Up ↑

%d bloggers like this: