I was working with a customer to set up a site-to-site VPN between Windows Azure and a corporate network. On the Windows Azure Virtual Network Dashboard, it showed the VPN tunnel was connected but data in and out were 0 KB even after a long time. Firewalls were open to allow the Windows Azure gateway in the corporate network. What went wrong?
The router on the corporate network was a Cisco ASA 5500 Series device running ASA OS version 8.4. A VPN configuration script was downloaded from the Virtual Network Dashboard in Windows Azure, but the script was written for OS version 8.3.
The script did not work as-is on OS version 8.4. It turned out that two changes, in the following sections, were required to resolve the issue.
- Internet Key Exchange (IKE) configuration
- Tunnel configuration
Internet Key Exchange (IKE) configuration
In this section, replace isakmp with ikev1 on the second line before policy 10.
Tunnel configuration
In this section, add ikev1 in front of the keyword pre-shared-key.
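The two edits above, applied programmatically in an added Python example (not part of the original post, and not the Azure-generated script). It assumes the affected lines are `crypto isakmp policy 10` and the `pre-shared-key` line under `tunnel-group ... ipsec-attributes`; the sample fragment, peer address, key and function name are constructed placeholders.

```python
import re

# Constructed sample in ASA 8.3 syntax (not the actual Azure-generated script).
# 203.0.113.10 and the key are placeholders.
SAMPLE_83 = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <placeholder-key>
"""

POLICY_RE = re.compile(r"^crypto isakmp (policy \d+)\s*$")
TUNNEL_ATTR_RE = re.compile(r"^tunnel-group \S+ ipsec-attributes\s*$")
PSK_RE = re.compile(r"^(\s+)pre-shared-key\b")


def migrate_83_to_84(script):
    """Apply the two edits described above; return (new_script, changed_line_numbers)."""
    out, changed, in_tunnel_attrs = [], [], False
    for num, line in enumerate(script.splitlines(), start=1):
        new = line
        if line and not line[0].isspace():
            # A top-level command opens or closes the tunnel-group attribute block.
            in_tunnel_attrs = bool(TUNNEL_ATTR_RE.match(line))
            m = POLICY_RE.match(line)
            if m:
                new = "crypto ikev1 " + m.group(1)
        elif in_tunnel_attrs:
            # Only a bare "pre-shared-key" matches, so a second run changes nothing.
            new = PSK_RE.sub(r"\1ikev1 pre-shared-key", line)
        if new != line:
            changed.append(num)
        out.append(new)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    migrated, changed = migrate_83_to_84(SAMPLE_83)
    print(migrated)
    print("changed lines:", changed)
```

The returned line numbers make it easy to review exactly what was rewritten before pasting the result into the device; a real script contains the pre-shared key, so treat the output as a secret.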
After re-running the modified script on the Cisco VPN device, the IN/OUT KB started to increase. VMs were able to communicate between the two networks via PING. Everything seemed to work fine.