Olá,
Neste tutorial iremos criar um tunnel de VPN entra Azure (RoutedBased) e Palo Alto (Iremos abordar somente configuração do no Palo Alto).
Iremos considerar o seguinte cenário:
Rede Local (Palo Alto): 10.91.0.0/16
Rede Remota (Azure): 10.255.0.0/16
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices
No Palo Alto
1-) Passo
Name: ike_crypto_azure
DH Group: group2
Encryption: aes-128-cbc
Authentication: sha1
Key Lifetime: Seconds 29000
IKEv2 Authentication Multiple: 0
2) Passo
IPSec Crypto
Name: ipsec_crypt_azure
Encryption: aes-256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: Hours 8
3) Passo
Name: ike_gateway_azure
Version: IKEv2 only mode
Address Type: IPv4
Interface: ae1.200 (Neste exemplo essa é minha interface)
Peer IP Type: Static
Peer IP Address: IP do PUBLICO
Pre-shared Key: XXXXXXXXXXXX
Local Identification: Nome
Local Identification: Nome
4) Passo
IKE Gateway (Advanced Options)
Common Options: Enable Passive Mode
IKEv2: ike_crypt_azure
Liveness Check: Interval (sec) 5
5) Passo
Interfaces
Add
Name: ipesec_tunnel_azure
Tunnel Interface: tunnel.114
Type: Auto Key
Address Typer: IPv4
IKE Gateway: ike_gateway_azure
IPSec Crypto Profile: ipsec_crypt_azure
Show Advanced Options
Enable Replay Protection
6) Passo
Proxy ID
Pronto!!! Tunel de VPN entre Palo Alto e Azure está ok.
Não esqueça de criar:
Route – Zone – Rule Firewall