Site-to-Site VPN Between Azure and a Cisco ASA

Create Virtual Network

Create Virtual Machine

Create Virtual Network Gateway

Create Local Network Gateway

This step may confuse some, as though it is named Local Network Gateway, it represents the remote side (peer/endpoint).

Your Vision, Our Expertise

Elevating Your Software Product Engineering Journey with Vast Edge

Create Connection

CISCO ASA Configuration:

Azure Connection

To show the status and the throughput totals you can click on the connection from within Virtual network gateways > VNETGW-POLICYVPN > Settings > Connections.

Site-to-Site VPN between Cisco RV and Amazon Web Services

Setting up a Site-to-Site VPN on Amazon Web Services:

Setting up Site-to-Site on an RV16X/RV26X, RV34X Router:

You have now successfully created a Site-to-Site VPN between CISCO RV series router and your AWS.

Set up VPN between Cisco ASR and Google Cloud VPN

Configure Cisco ASR 1000 for use with the Google Cloud VPN service is to ensure that the following prerequisite conditions have been met:

The Cisco ASR 1000 Series Router IPsec application requires:

IPsec parameters:

For the Cisco ASR 1000 IPsec configuration, the following details will be used:

Configuration - Google Cloud

IPsec VPN using dynamic routing:

For dynamic routing you use Cloud Router to establish BGP sessions between the 2 peers.

Using the Cloud Platform Console:

Configure IKEv2 proposal and policy:

Configure IKEv2 keyring:

The IKEv2 keyring is associated with an IKEv2 profile and hence, caters to a set of peers that match the IKEv2 profile.

Configure IKEv2 profile:

Configure IPsec security association:

Configure IPsec transform set:

During the IPsec SA negotiation, the peers agree to use a particular transform set for protecting a particular data flow.

Configure IPsec profile:

Configure IPsec static virtual tunnel interface (SVTI):

The recommended value is 1360 when the number of IP MTU bytes is set to 1400.

Configure static or dynamic routing protocol to route traffic into the IPsec tunnel:

Statically route traffic toward the network in Google Cloud to the Tunnel interface.

Saving the configuration:

To save the running configuration and set it as the default startup, run the following command on Cisco IOS terminal:

copy run start;

Advanced VPN configurations

Google Cloud Configuration:

Google Cloud does ECMP by default so there is no additional configuration required apart from creating x number of tunnels where x depends on your throughput requirements. You can either use a single VPN gateway to create multiple tunnels or create separate VPN gateway for each tunnel.

Actual performance varies depending on the following factors:

Testing the IPsec connection:

The IPsec tunnel can be tested from the router by using ICMP to ping a host on Google Cloud. Be sure to use the inside interface on the ASR 1000.

ABOUT VAST EDGE

Vast Edge has been empowering businesses since 2004 with tailored cloud solutions that go beyond regular IT management. As a Cloud Solution Provider (CSP), we specialize in delivering fully managed services that combine implementation, integration, and ongoing support - positioning us as your trusted IT partner, not just a vendor.
Our Offerings:
- Azure, GCP, AWS, OCI Cloud Services: Security, DevOps, Data Analytics, Warehousing, AI/ML, and Seamless Integrations
- ERP Migration & Implementation: Expertise across Dynamics, SAP, Sage, Oracle EBS, JDE, & NetSuite
We deliver complete solutions. Our CSP model is built around value-added services, ensuring customers receive expert implementation, optimization, and support alongside their Cloud investments.
Read more about us

QUICK LINKS

TECHNOLOGY PARTNERS

CONTACT US

Copyrights © August 8 , 2025 All Rights Reserved by Vast Edge Inc.