{"id":1014,"date":"2016-07-09T20:52:31","date_gmt":"2016-07-09T20:52:31","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2016\/07\/09\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa\/"},"modified":"2023-02-24T08:03:45","modified_gmt":"2023-02-24T08:03:45","slug":"how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html","title":{"rendered":"How to Build Site to Site VPN Between Azure &#038; Cisco ASA"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6626da32c80e4\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6626da32c80e4\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Introduction\" title=\"Introduction\">Introduction<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Details\" title=\"Details\">Details<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Versions\" title=\"Versions\">Versions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Encryption_Domain\" title=\"Encryption Domain\">Encryption Domain<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Azure_Steps\" title=\"Azure Steps\">Azure Steps<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Create_Virtual_Network\" title=\"Create Virtual Network\">Create Virtual Network<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Create_Virtual_Machine\" title=\"Create Virtual Machine\">Create Virtual Machine<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Create_Virtual_Network_Gateway\" title=\"Create Virtual Network Gateway\">Create Virtual Network Gateway<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Create_Local_Network_Gateway\" title=\"Create Local Network Gateway\">Create Local Network Gateway<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Create_Connection\" title=\"Create Connection\">Create Connection<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Cisco_ASA\" title=\"Cisco ASA\">Cisco ASA<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Object-Groups\" title=\"Object-Groups\">Object-Groups<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Encryption_Domain-2\" title=\"Encryption Domain\">Encryption Domain<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#NAT\" title=\"NAT\">NAT<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Phase_1\" title=\"Phase 1\">Phase 1<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Phase_2\" title=\"Phase 2\">Phase 2<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Tunnel_Group\" title=\"Tunnel Group\">Tunnel Group<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Crypto\" title=\"Crypto\">Crypto<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Additional\" title=\"Additional\">Additional<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Confirm\" title=\"Confirm\">Confirm<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#ASA_Phase_1\" title=\"ASA Phase 1\">ASA Phase 1<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#ASA_Phase_2\" title=\"ASA Phase 2\">ASA Phase 2<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\/#Azure_Connection\" title=\"Azure Connection\">Azure Connection<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Introduction\"><\/span>Introduction<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Details\"><\/span>Details<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Before we dive into the steps it is worth mentioning the versions and encryption domain used within this tutorial,<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Versions\"><\/span>Versions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<table class=\"table table-striped table-condensed\">\n<tbody>\n<tr>\n<td><strong>Azure Deployment Mode<\/strong><\/td>\n<td>ARM (Azure Resource Manager)<\/td>\n<\/tr>\n<tr>\n<td><strong>ASA Version<\/strong><\/td>\n<td>9.1(7)4<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><span class=\"ez-toc-section\" id=\"Encryption_Domain\"><\/span>Encryption Domain<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<table class=\"table table-striped table-condensed\">\n<tbody>\n<tr>\n<td><strong>Azure Peer<\/strong><\/td>\n<td>13.89.48.98<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Endpoint<\/strong><\/td>\n<td>172.16.0.0\/16<\/td>\n<\/tr>\n<tr>\n<td><strong>ASA Peer<\/strong><\/td>\n<td>109.1.1.1<\/td>\n<\/tr>\n<tr>\n<td><strong>ASA Endpoint<\/strong><\/td>\n<td>192.168.1.0\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><span class=\"ez-toc-section\" id=\"Azure_Steps\"><\/span>Azure Steps<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Within Azure, the configuration of the VPN centres around <a href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/microsoft-azure-virtual-networks-vnets.html\">Azure Virtual Networks<\/a>. \u00a0In the following steps we will create a VNet, and subnet. Then assign it to a newly created VM. If you have already done this you can skip over these steps.<\/p>\n<p><span class=\"uk-badge\">NOTE <\/span>\u00a0Further information on Azure Virtual Networks and the different deployment models can be found <a href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/microsoft-azure-virtual-networks-vnets.html\">here<\/a>.<\/p>\n<div class=\"uk-alert uk-alert-info\" data-uk-alert=\"\"><span class=\"uk-icon-lightbulb-o uk-icon-medium\"><strong>\u00a0 <\/strong><\/span> Always make sure that your Azure resource has finished provisioning before proceeding with the next step.<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Create_Virtual_Network\"><\/span>Create Virtual Network<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li>From the favourites menu select <strong>Virtual networks.<\/strong><\/li>\n<li>Click Add.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet.png\" data-lightbox=\"\"> <picture><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet.avif 428w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet-173x300.avif 173w\" sizes=\"(max-width: 428px) 100vw, 428px\" type=\"image\/avif\"><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet.webp 428w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet-173x300.webp 173w\" sizes=\"(max-width: 428px) 100vw, 428px\" type=\"image\/webp\"><img src=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet.png\" height=\"742\" width=\"428\" srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet.png 428w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step1-create-vnet-173x300.png 173w\" sizes=\"(max-width: 428px) 100vw, 428px\" class=\" size-full wp-image-1003 sp-no-webp\" alt=\"step1-create-vnet\" loading=\"lazy\" decoding=\"async\" style=\"width: 90%; display: block; margin-left: auto; margin-right: auto;\"  > <\/picture> <\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Create_Virtual_Machine\"><\/span>Create Virtual Machine<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li>From the favourites\u00a0menu select <strong>Virtual machines.<\/strong><\/li>\n<li>Click Add.<\/li>\n<li>Choose your image. In this example we will use Ubuntu 14.04.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21.png\" data-lightbox=\"\"> <picture><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21.avif 681w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21-276x300.avif 276w\" sizes=\"(max-width: 681px) 100vw, 681px\" type=\"image\/avif\"><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21.webp 681w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21-276x300.webp 276w\" sizes=\"(max-width: 681px) 100vw, 681px\" type=\"image\/webp\"><img src=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21.png\" height=\"739\" width=\"681\" srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21.png 681w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step2-createvm21-276x300.png 276w\" sizes=\"(max-width: 681px) 100vw, 681px\" class=\" size-full wp-image-1005 sp-no-webp\" alt=\"step2-createvm21\" loading=\"lazy\" decoding=\"async\" style=\"width: 90%; display: block; margin-left: auto; margin-right: auto;\"  > <\/picture> <\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Create_Virtual_Network_Gateway\"><\/span>Create Virtual Network Gateway<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li>From the favourites\u00a0menu select <strong>Virtual network gateways.<\/strong><\/li>\n<li>Click Add.<\/li>\n<li>Add the necessary settings. The ones to note are,\n<ul>\n<li><strong>Virtual Network<\/strong> &#8211; When you add the previously created Virtual Network it will provide you with a Gateway subnet range. This will be used by \u00a0Azure to build a gateway subnet. Gateway subnets are only used for VPNs within Azure.<\/li>\n<li><strong>Public IP<\/strong> &#8211; Select &#8216;create new&#8217; and then ok.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw.png\" data-lightbox=\"\"> <picture><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw.avif 469w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw-190x300.avif 190w\" sizes=\"(max-width: 469px) 100vw, 469px\" type=\"image\/avif\"><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw.webp 469w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw-190x300.webp 190w\" sizes=\"(max-width: 469px) 100vw, 469px\" type=\"image\/webp\"><img src=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw.png\" height=\"742\" width=\"469\" srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw.png 469w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step3-create-vnet-gw-190x300.png 190w\" sizes=\"(max-width: 469px) 100vw, 469px\" class=\" size-full wp-image-1007 sp-no-webp\" alt=\"step3-create-vnet-gw\" loading=\"lazy\" decoding=\"async\" style=\"width: 90%; display: block; margin-left: auto; margin-right: auto;\"  > <\/picture> <\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Create_Local_Network_Gateway\"><\/span>Create Local Network Gateway<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This step may confuse some, as though it is named Local Network Gateway, it represents the remote side (peer\/endpoint).<\/p>\n<ol>\n<li>From the favourites\u00a0menu select Local Network Gateway.<\/li>\n<li>Click Add.<\/li>\n<li>Add the &#8216;IP Address&#8217;. This is the remote peer IP.<\/li>\n<li>Add the &#8216;Address space&#8217;. This is the remote endpoint\/endpoints.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1.png\" data-lightbox=\"\"> <picture><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1.avif 446w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1-179x300.webp 179w\" sizes=\"(max-width: 446px) 100vw, 446px\" type=\"image\/avif\"><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1.webp 446w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1-179x300.webp 179w\" sizes=\"(max-width: 446px) 100vw, 446px\" type=\"image\/webp\"><img src=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1.png\" height=\"748\" width=\"446\" srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1.png 446w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step4-create-local-gw1-179x300.png 179w\" sizes=\"(max-width: 446px) 100vw, 446px\" class=\" size-full wp-image-1009 sp-no-webp\" alt=\"step4-create-local-gw1\" loading=\"lazy\" decoding=\"async\" style=\"width: 90%; display: block; margin-left: auto; margin-right: auto;\"  > <\/picture> <\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Create_Connection\"><\/span>Create Connection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li>From the favourites\u00a0menu select <strong>Virtual network gateways.<\/strong><\/li>\n<li>Select VNETGW-POLICY.<\/li>\n<li>Goto Settings.<\/li>\n<li>Click Connections.<\/li>\n<li>Click Add.<\/li>\n<li>Add the necessary settings,\n<ul>\n<li><strong>Connection type<\/strong> : site-to-site (IPsec)<\/li>\n<li><strong>Gateways<\/strong> : The virtual\/local network gateway previously created<\/li>\n<li><strong>Shared key (PSK)<\/strong> : &lt;psk&gt;<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection.png\" data-lightbox=\"\"> <picture><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection.avif 720w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection-290x300.avif 290w\" sizes=\"(max-width: 720px) 100vw, 720px\" type=\"image\/avif\"><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection.webp 720w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection-290x300.webp 290w\" sizes=\"(max-width: 720px) 100vw, 720px\" type=\"image\/webp\"><img src=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection.png\" height=\"745\" width=\"720\" srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection.png 720w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step5-create-connection-290x300.png 290w\" sizes=\"(max-width: 720px) 100vw, 720px\" class=\" size-full wp-image-1011 sp-no-webp\" alt=\"step5-create-connection\" loading=\"lazy\" decoding=\"async\" style=\"width: 90%; display: block; margin-left: auto; margin-right: auto;\"  > <\/picture> <\/a><\/p>\n<div class=\"uk-alert uk-alert-info\" data-uk-alert=\"\"><span class=\"uk-icon-lightbulb-o uk-icon-medium\"><strong>\u00a0 <\/strong><\/span>If the necessary shortcuts aren&#8217;t within your favorites menu, select &#8216;New &gt; Networking&#8217;. From there you will be presented with the required networking shortcuts.<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Cisco_ASA\"><\/span>Cisco ASA<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Below provides the necessary ASA configuration.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Object-Groups\"><\/span>Object-Groups<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>First we configure the object groups for encryption domain endpoints.<\/p>\n<pre class=\"prettyprint\">object-group network AZURE-NET\r\n  description Azure Virtual Network\r\n  network-object 172.16.0.0 255.255.255.0\r\nobject-group network ONPREM-NET\r\n  description OnPrem Network\r\n  network-object 192.168.1.0 255.255.255.0\r\n<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Encryption_Domain-2\"><\/span>Encryption Domain<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>We then configure the encryption domain, using the previously created object groups.<\/p>\n<pre class=\"prettyprint\">access-list AZURE-VPN-ACL extended permit ip object-group ONPREM-NET object-group AZURE-NET<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"NAT\"><\/span>NAT<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>NAT is configured to exclude the traffic to\/from the endpoints.<\/p>\n<pre class=\"prettyprint\">nat (inside,outside) 1 source static ONPREM-NET ONPREM-NET destination static AZURE-NET AZURE-NET<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Phase_1\"><\/span>Phase 1<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Phase 1 parameters are then defined.<\/p>\n<pre class=\"prettyprint\">crypto ikev1 enable outside\r\ncrypto ikev1 policy 5\r\n  authentication pre-share\r\n  encryption aes-256\r\n  hash sha\r\n  group 2\r\n  lifetime 28800<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Phase_2\"><\/span>Phase 2<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Then then phase 2 parameters.<\/p>\n<pre class=\"prettyprint\">crypto ipsec ikev1 transform-set azure-ipsec-proposal-set esp-aes-256 esp-sha-hmac\r\ncrypto ipsec security-association lifetime seconds 3600\r\ncrypto ipsec security-association lifetime kilobytes 102400000<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Tunnel_Group\"><\/span>Tunnel Group<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The tunnel group with the preshared key is configured.<\/p>\n<pre class=\"prettyprint\">tunnel-group 13.89.48.98 type ipsec-l2l\r\ntunnel-group 13.89.48.98 ipsec-attribute\r\n ikev1 pre-shared-key &lt;PSK&gt;<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Crypto\"><\/span>Crypto<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The encryption domain, peer and phase 2 parameters are then all assigned to a tunnel group.<\/p>\n<pre class=\"prettyprint\">crypto map azure-crypto-map 1 match address AZURE-VPN-ACL\r\ncrypto map azure-crypto-map 1 set peer 13.89.48.98\r\ncrypto map azure-crypto-map 1 set ikev1 transform-set azure-ipsec-proposal-set\r\ncrypto map azure-crypto-map interface outside<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Additional\"><\/span>Additional<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Finally we avoid fragmentation by clamping the MSS, and maintain TCP state table info when the L2L VPN re-establishes the tunnel.<\/p>\n<pre class=\"prettyprint\">sysopt connection tcpmss 1350\r\nsysopt connection preserve-vpn-flows<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Confirm\"><\/span>Confirm<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Once you have configured the VPN, use the following commands to confirm that the VPN is functioning correctly.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"ASA_Phase_1\"><\/span>ASA Phase 1<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To confirm that phase 1 has successfully established use the following command. The output should show <span class=\"codeinline\">MM_ACTIVE<\/span>.<\/p>\n<pre class=\"prettyprint\">ciscoasa-9.1(config)#  show crypto isakmp\r\n \r\nIKE Peer: 13.89.48.98\r\n    Type    : L2L             Role    : responder\r\n    Rekey   : no              State   : MM_ACTIVE<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"ASA_Phase_2\"><\/span>ASA Phase 2<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To ensure that phase 2 has successfully established use the following command &#8211; <span class=\"codeinline\">show crypto ipsec sa peer 13.89.48.98<\/span><br \/>\nOnce run confirm that,<\/p>\n<ol>\n<li>Security associations are present<\/li>\n<li>The tunnel is both encrypting and decrypting packets. This can be determined by ensuring that the <span class=\"codeinline\">#pkts encap\/decap<\/span> totals are incrementing.<\/li>\n<\/ol>\n<pre class=\"prettyprint\">ciscoasa-9.1(config)# show crypto ipsec sa peer 13.89.48.98\r\ninterface: outside\r\n    Crypto map tag: azure-crypto-map, seq num: 1, local addr: 109.1.1.1\r\n\r\n      access-list azure-vpn-acl extended permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0\r\n      local ident (addr\/mask\/prot\/port): (192.168.1.0\/255.255.255.0\/0\/0)\r\n      remote ident (addr\/mask\/prot\/port): (172.16.0.0\/255.255.0.0\/0\/0)\r\n      current_peer: 13.89.48.98\r\n\r\n      #pkts encaps: 5, #pkts encrypt: 0, #pkts digest: 0\r\n      #pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5\r\n      #pkts compressed: 0, #pkts decompressed: 0\r\n      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0\r\n      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0\r\n      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0\r\n      #TFC rcvd: 0, #TFC sent: 0\r\n      #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0\r\n      #send errors: 0, #recv errors: 0\r\n\r\n      local crypto endpt.: 109.1.1.1\/0, remote crypto endpt.: 13.89.48.98\/0\r\n      path mtu 1500, ipsec overhead 74(44), media mtu 1500\r\n      PMTU time remaining (sec): 0, DF policy: copy-df\r\n      ICMP error validation: disabled, TFC packets: disabled\r\n      current outbound spi: F57DE464\r\n      current inbound spi : 86B603F5\r\n              \r\n! remaining output omitted<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Azure_Connection\"><\/span>Azure Connection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To show the status and the throughput totals you can click on the connection from within <strong>Virtual network gateways &gt; VNETGW-POLICYVPN &gt; Settings &gt; Connections<\/strong>.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection.png\" data-lightbox=\"\"> <picture><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection.avif 1117w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-300x153.avif 300w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-1024x523.avif 1024w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-768x393.webp 768w\" sizes=\"(max-width: 1117px) 100vw, 1117px\" type=\"image\/avif\"><source srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection.webp 1117w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-300x153.webp 300w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-1024x523.webp 1024w,https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-768x393.webp 768w\" sizes=\"(max-width: 1117px) 100vw, 1117px\" type=\"image\/webp\"><img src=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection.png\" height=\"571\" width=\"1117\" srcset=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection.png 1117w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-300x153.png 300w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-1024x523.png 1024w, https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_step6-show-connection-768x393.png 768w\" sizes=\"(max-width: 1117px) 100vw, 1117px\" class=\" size-full wp-image-1013 sp-no-webp\" alt=\"step6-show-connection\" loading=\"lazy\" decoding=\"async\" style=\"width: 90%; display: block; margin-left: auto; margin-right: auto;\"  > <\/picture> <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall. Details Before we dive into the steps it is worth mentioning the versions and encryption domain used within this tutorial, Versions Azure Deployment Mode ARM (Azure Resource Manager) ASA &#8230; <a title=\"How to Build Site to Site VPN Between Azure &#038; Cisco ASA\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\" aria-label=\"Read more about How to Build Site to Site VPN Between Azure &#038; Cisco ASA\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":1001,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Build Site to Site VPN Between Azure &amp; Cisco ASA - Fir3net<\/title>\n<meta name=\"description\" content=\"Introduction Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall. Details\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Build Site to Site VPN Between Azure &amp; Cisco ASA - Fir3net\" \/>\n<meta property=\"og:description\" content=\"Introduction Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall. Details\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-09T20:52:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-24T08:03:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png\" \/>\n\t<meta property=\"og:image:width\" content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"250\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"How to Build Site to Site VPN Between Azure &#038; Cisco ASA\",\"datePublished\":\"2016-07-09T20:52:31+00:00\",\"dateModified\":\"2023-02-24T08:03:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\"},\"wordCount\":600,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png\",\"articleSection\":[\"Azure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\",\"url\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\",\"name\":\"How to Build Site to Site VPN Between Azure & Cisco ASA - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png\",\"datePublished\":\"2016-07-09T20:52:31+00:00\",\"dateModified\":\"2023-02-24T08:03:45+00:00\",\"description\":\"Introduction Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall. Details\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png\",\"width\":250,\"height\":250},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cloud\",\"item\":\"https:\/\/www.fir3net.com\/cloud\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Azure\",\"item\":\"https:\/\/www.fir3net.com\/cloud\/azure\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"How to Build Site to Site VPN Between Azure &#038; Cisco ASA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Build Site to Site VPN Between Azure & Cisco ASA - Fir3net","description":"Introduction Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall. Details","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html","og_locale":"en_US","og_type":"article","og_title":"How to Build Site to Site VPN Between Azure & Cisco ASA - Fir3net","og_description":"Introduction Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall. Details","og_url":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html","og_site_name":"Fir3net","article_published_time":"2016-07-09T20:52:31+00:00","article_modified_time":"2023-02-24T08:03:45+00:00","og_image":[{"width":250,"height":250,"url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png","type":"image\/jpeg"}],"author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"How to Build Site to Site VPN Between Azure &#038; Cisco ASA","datePublished":"2016-07-09T20:52:31+00:00","dateModified":"2023-02-24T08:03:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html"},"wordCount":600,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"image":{"@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png","articleSection":["Azure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html","url":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html","name":"How to Build Site to Site VPN Between Azure & Cisco ASA - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage"},"image":{"@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png","datePublished":"2016-07-09T20:52:31+00:00","dateModified":"2023-02-24T08:03:45+00:00","description":"Introduction Within this article we will show you how to build a policy based site to site VPN between Microsoft Azure and a Cisco ASA firewall. Details","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#primaryimage","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2016\/07\/images_articles_azure-icon-250x250.png","width":250,"height":250},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Cloud\/AZURE\/how-to-build-a-site-to-site-vpn-between-azure-and-a-cisco-asa.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Cloud","item":"https:\/\/www.fir3net.com\/cloud"},{"@type":"ListItem","position":3,"name":"Azure","item":"https:\/\/www.fir3net.com\/cloud\/azure"},{"@type":"ListItem","position":4,"name":"How to Build Site to Site VPN Between Azure &#038; Cisco ASA"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/1014"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=1014"}],"version-history":[{"count":4,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/1014\/revisions"}],"predecessor-version":[{"id":3641,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/1014\/revisions\/3641"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media\/1001"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=1014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=1014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=1014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}