SRX4100 and Azure VPN

Need some help. I am working on making an Azure VPN back to our SRX 4100s. It is weird because sometimes the connection takes right away and then other times it drops.

Azure’s virtual network gateway will say unknown for a while but then switches to connected. When I look at the IKE security associations on the SRX, it shows that the VPN connection is down.

Anyone have any experience getting this going?

Have you done an IKE debug on the specific Azure VPN to see whether there’s a mismatch on phase 1/2?

Azure and AWS usually provide some kind of template for Juniper devices.

If this was used, I would double check the zones it’s asking you to use (sometimes it says use the Trust zone for the VPN, but we usually use a dedicated VPN zone) and ensure that the gateway IP is not one of the traffic selectors (if you’ve configured traffic selectors). That can cause an annoying issue whereby the tunnel will establish, but then go down because the firewall tries to reach the gateway IP through the tunnel.

Also check whether they’ve asked you to configure any routing protocols over the tunnel interfaces or any DPD parameters, as well as whether they’ve asked you to create two tunnels (primary and backup). The fact that your tunnel comes up sometimes makes me think your Phase 1/Phase 2 parameters are good, but something else is interfering with the connection between the SRX and the Azure FW.

  1. IKE debug is needed.
  2. Does flapping the tunnel fix the issue?
  3. How many traffic selectors do you have? Are all of them experiencing this problem?
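The "gateway IP inside a traffic selector" failure mode described in the reply above is easy to check mechanically before touching IKE debug. The script below is an added example, not code from the thread or from Juniper: it parses a constructed snippet of Junos set-style configuration (the `azure-gw` / `azure-vpn` names, the `203.0.113.x` documentation addresses and the selector prefixes are all made up) and flags any traffic selector whose `remote-ip` prefix contains the peer gateway address, which is exactly the condition that makes the SRX try to reach the gateway through the tunnel it is negotiating with that gateway.

```python
import ipaddress
import re

# Constructed sample of Junos set-style configuration (not from the thread).
# 203.0.113.10 is a documentation address standing in for the Azure virtual
# network gateway public IP. The "ts-bad" selector deliberately covers it.
SAMPLE_CONFIG = """
set security ike gateway azure-gw address 203.0.113.10
set security ike gateway azure-gw external-interface ge-0/0/0.0
set security ipsec vpn azure-vpn ike gateway azure-gw
set security ipsec vpn azure-vpn traffic-selector ts-hub local-ip 10.10.0.0/16
set security ipsec vpn azure-vpn traffic-selector ts-hub remote-ip 172.16.0.0/12
set security ipsec vpn azure-vpn traffic-selector ts-bad local-ip 10.10.0.0/16
set security ipsec vpn azure-vpn traffic-selector ts-bad remote-ip 203.0.113.0/24
"""

# Only the three statement shapes we need; everything else is ignored.
GW_RE = re.compile(r"^set security ike gateway (\S+) address (\S+)$")
VPN_GW_RE = re.compile(r"^set security ipsec vpn (\S+) ike gateway (\S+)$")
TS_RE = re.compile(
    r"^set security ipsec vpn (\S+) traffic-selector (\S+) (local-ip|remote-ip) (\S+)$"
)


def parse_config(text):
    """Return (gateways, vpn_gateway, selectors) extracted from set-style lines.

    gateways:    ike gateway name -> peer address
    vpn_gateway: ipsec vpn name   -> ike gateway name
    selectors:   (vpn, selector)  -> {"local-ip": prefix, "remote-ip": prefix}
    """
    gateways, vpn_gateway, selectors = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = GW_RE.match(line)
        if m:
            gateways[m.group(1)] = m.group(2)
            continue
        m = VPN_GW_RE.match(line)
        if m:
            vpn_gateway[m.group(1)] = m.group(2)
            continue
        m = TS_RE.match(line)
        if m:
            vpn, ts, direction, prefix = m.groups()
            selectors.setdefault((vpn, ts), {})[direction] = prefix
    return gateways, vpn_gateway, selectors


def find_overlaps(parsed):
    """List (vpn, selector, remote_prefix, peer) where the peer falls inside
    the selector's remote-ip prefix, i.e. traffic to the IKE peer itself would
    be steered into the tunnel that peer terminates."""
    gateways, vpn_gateway, selectors = parsed
    findings = []
    for (vpn, ts), ips in sorted(selectors.items()):
        peer = gateways.get(vpn_gateway.get(vpn))
        remote = ips.get("remote-ip")
        if peer is None or remote is None:
            continue
        if ipaddress.ip_address(peer) in ipaddress.ip_network(remote, strict=False):
            findings.append((vpn, ts, remote, peer))
    return findings


if __name__ == "__main__":
    for vpn, ts, remote, peer in find_overlaps(parse_config(SAMPLE_CONFIG)):
        print(f"{vpn}/{ts}: remote-ip {remote} contains IKE peer {peer}")
```

Feed it the output of `show configuration | display set` from the SRX and any hit is a selector to narrow before looking further; a clean result at least rules this cause out and leaves the IKE debug and the `show security ike security-associations` / `show security ipsec security-associations` checks the other replies mention.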

Hiya,

First off it’s worth looking at this KB