
I'm trying to establish a VPN site-to-site between a VPC in Amazon Web Services and a VNet in Microsoft Azure. For that I'd like to use AWS' Virtual Private Gateway on one side and Azure's Virtual Network Gateway on the other side. Is that possible? I mean they both use IPsec but are the Gateways compatible? I appreciate the help.

3 Answers


This is now possible and I have documented it here.

Notes:

  • It works out of the box. Just set up each side, make the settings match (IP addresses and IP address spaces for the VPC and VNet) and Bob's your uncle.
  • You can set up dual tunnels (AWS) and active-active (Azure).
  • BGP configuration still cannot be matched: AWS uses the tunnel's internal addresses while Azure does not have that concept and hardcodes the last available IP in the GatewaySubnet. Those two things are incompatible, so BGP can't be established with only the native gateways.
Pedro Perez
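An added worked illustration of the answer's bullets, constructed for this page and not code from the answer or from either cloud provider: a Python pre-check that takes the address plan for both sides, confirms the VPC and VNet address spaces do not overlap, and derives where each native gateway will place its BGP peer address (AWS: the customer-side host of each link-local /30 inside tunnel CIDR; Azure: the last usable address of the GatewaySubnet, as the answer states) so the mismatch is visible before anything is configured. All CIDRs below are made-up sample values.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample values for this example, not a real deployment
SAMPLE_VPC_CIDR = "10.0.0.0/16"            # AWS VPC address space
SAMPLE_VNET_CIDR = "10.1.0.0/16"           # Azure VNet address space
SAMPLE_GATEWAY_SUBNET = "10.1.255.0/27"    # Azure GatewaySubnet inside the VNet
SAMPLE_TUNNEL_INSIDE_CIDRS = ["169.254.44.72/30", "169.254.45.8/30"]  # AWS inside tunnel CIDRs

# AWS inside tunnel CIDRs are /30 blocks taken from the link-local range
AWS_INSIDE_RANGE = ipaddress.ip_network("169.254.0.0/16")


def azure_default_bgp_peer(gateway_subnet: str) -> ipaddress.IPv4Address:
    """Azure's native gateway uses the last usable host of the GatewaySubnet as its BGP peer IP."""
    net = ipaddress.ip_network(gateway_subnet, strict=True)
    return net[-2]  # net[-1] is the broadcast address, so net[-2] is the last usable host


def aws_tunnel_inside_addresses(inside_cidr: str) -> Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]:
    """AWS assigns a link-local /30 per tunnel: first host is the AWS side, second is the customer side."""
    net = ipaddress.ip_network(inside_cidr, strict=True)
    if net.prefixlen != 30 or not net.subnet_of(AWS_INSIDE_RANGE):
        raise ValueError(f"{inside_cidr} is not a /30 inside {AWS_INSIDE_RANGE}")
    aws_side, customer_side = list(net.hosts())
    return aws_side, customer_side


def check_site_to_site(vpc_cidr: str, vnet_cidr: str, gateway_subnet: str,
                       tunnel_inside_cidrs: List[str]) -> List[str]:
    """Return a list of findings; an empty list means the address plan has no detected conflicts."""
    findings: List[str] = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)

    # Overlapping address spaces make the routes on both sides ambiguous
    if vpc.overlaps(vnet):
        findings.append(f"address spaces overlap: VPC {vpc} and VNet {vnet}")

    gw = ipaddress.ip_network(gateway_subnet, strict=True)
    if not gw.subnet_of(vnet):
        findings.append(f"GatewaySubnet {gw} is not inside VNet {vnet}")
        return findings

    # Compare where each side expects its BGP neighbour to be
    azure_peer = azure_default_bgp_peer(gateway_subnet)
    for cidr in tunnel_inside_cidrs:
        aws_side, customer_side = aws_tunnel_inside_addresses(cidr)
        if azure_peer != customer_side:
            findings.append(
                f"BGP mismatch on tunnel {cidr}: AWS expects its peer at {customer_side} "
                f"(AWS side {aws_side}), Azure offers {azure_peer}"
            )
    return findings


if __name__ == "__main__":
    for line in check_site_to_site(SAMPLE_VPC_CIDR, SAMPLE_VNET_CIDR,
                                   SAMPLE_GATEWAY_SUBNET, SAMPLE_TUNNEL_INSIDE_CIDRS):
        print(line)
```

The check only validates the address plan; it says nothing about whether the tunnels come up. With the sample values it reports one BGP mismatch per tunnel, which is the situation the third bullet describes: the static-route configuration can match, the BGP peer addressing cannot.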

While I haven't done it myself, Microsoft Azure Virtual Network Gateway and AWS Virtual Private Gateway exist specifically for such cases.

Check this resource; I read its steps and it looks promising, and the comments are very positive.

Itai Ganot

I have seen neither documentation nor successful implementations of direct interconnection of AWS VPG and Azure VNG.

It seems they are not compatible: AWS is using IKEv1 and Azure IKEv2.

odzhu
  • The other answer on this question linked to a Microsoft resource that says it's possible. – Tim Nov 22 '18 at 18:55
  • The article is not using AWS VPG. In the comments, there is no success story mentioned either. – odzhu Nov 24 '18 at 08:38
  • This has been possible for a while now: https://cloudnetworking.io/2019/02/25/aws-to-azure-s2s-vpn-ha-active-active/ – Pedro Perez Aug 14 '20 at 15:48