• November 21, 2019, 03:48:37 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DSR-250N IPSEC with Microsoft Azure Virtual Network Gateway  (Read 1528 times)

Andreas S

  • Level 1 Member
  • *
  • Posts: 3
DSR-250N IPSEC with Microsoft Azure Virtual Network Gateway
« on: January 26, 2019, 11:24:28 PM »

Greetings :-)

before i start let me tell you that i am a network engineer and i have setup dozens of VPN tunnels between different devices , IPSEC , SSL VPN, OPENVPN

my problem today is that a customer has a DSR-250N and we are trying to setup a simple IPSEC site to site VPN IKEv1 with microsoft azure and it fails dramatcally!

i have setup site to site ipsec vpns with many other firewalls with azure and its pretty straight forward as it supports almost all encryption algorisms , ikev1 ikev2 PFS etc so it basically adjusts to the initiating frewalls proposal and connection is established very easily. so theres really not any point discussing ike parameters here since im using the same parameters as i used on a firewall of a different vendor and the tunnel was connected in less than a minute

my question here is , has anyone managed to succesfully connect a site to site ipsec vpn with microsft azure virtual network gateway using the dlink DSR-250N

any feedback or advice is appreciated

regards

Soff

ps HERES the recent log

CURRENT LOGS
============
Capture the current Logs to file at : Sun Jan 27 09:22:38 2019
===============================================================================
Facility   Severity   Log Message
===============================================================================
VPN        Error        1 2019-01-27T08:55:33+02:00 DSR250N racoon 1758 - - Unknown PRF hash Algorithm
VPN        Error        1 2019-01-27T08:55:34+02:00 DSR250N racoon 1758 - - Failed to get IPsec SA configuration for: 0.0.0.0/32<->0.0.0.0/32 from XXX.XXX.XXX.XXX/32
VPN        Error        1 2019-01-27T08:55:34+02:00 DSR250N racoon 1758 - - failed to get sainfo.
VPN        Error        1 2019-01-27T08:55:34+02:00 DSR250N racoon 1758 - - failed to pre-process packet.
VPN        Error        1 2019-01-27T08:55:35+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:55:36+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:55:39+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:55:46+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:56:00+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:56:19+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:56:28+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:57:25+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:58:14+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:59:19+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:00:08+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:01:13+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:02:04+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:03:08+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:04:00+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:05:04+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:05:56+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:07:00+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:07:51+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:08:56+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:09:45+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:10:51+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:11:40+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:12:45+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:13:36+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:14:40+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:15:32+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:16:36+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:17:29+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:18:32+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:19:24+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:20:30+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T09:21:19+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T09:22:24+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, 2dbd147430e77022:dc0cf1128a7d1dee:00000000
VPN        Error        1 2019-01-27T08:43:40+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:44:49+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, f8a317df6fee4274:f91778fe9c128302:00000000
VPN        Error        1 2019-01-27T08:45:36+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:46:44+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, f8a317df6fee4274:f91778fe9c128302:00000000
VPN        Error        1 2019-01-27T08:47:32+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:48:40+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, f8a317df6fee4274:f91778fe9c128302:00000000
VPN        Error        1 2019-01-27T08:49:28+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:50:36+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, f8a317df6fee4274:f91778fe9c128302:00000000
VPN        Error        1 2019-01-27T08:51:24+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:52:32+02:00 DSR250N racoon 1758 - - can't start the IKE_AUTH exchange, there is no IKE-SA, f8a317df6fee4274:f91778fe9c128302:00000000
VPN        Error        1 2019-01-27T08:54:28+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:54:29+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:54:30+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:54:33+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:54:40+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:54:54+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
VPN        Error        1 2019-01-27T08:55:22+02:00 DSR250N racoon 1758 - - unknown Informational exchange received.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47915
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250N IPSEC with Microsoft Azure Virtual Network Gateway
« Reply #1 on: January 27, 2019, 11:37:27 AM »

I have seen much if anyone, post about the DSR and MS VNG.
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this.
Link> Tech Support Contact Information
We find that phone contact has better immediate results over using email.
Let us know how it goes please.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

Andreas S

  • Level 1 Member
  • *
  • Posts: 3
Re: DSR-250N IPSEC with Microsoft Azure Virtual Network Gateway
« Reply #2 on: February 01, 2019, 05:31:37 AM »

thank you for your reply but i was really hoping for an answer from someone who actually tested the specific scenario i mentioned

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47915
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250N IPSEC with Microsoft Azure Virtual Network Gateway
« Reply #3 on: February 01, 2019, 06:45:24 AM »

Not a lot of postings or replies in regards to this kind of configuration. I guess give it a few days, if nobody responds to you, I would contact D-Link support.

Good Luck.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

Andreas S

  • Level 1 Member
  • *
  • Posts: 3
Re: DSR-250N IPSEC with Microsoft Azure Virtual Network Gateway
« Reply #4 on: February 28, 2019, 01:43:52 AM »

great support

and i quote:
While  creating a new policy on Azure, please change the VPN type to “Policy-based” on “Create virtual network gateway” step.
If Route-Based is used , there are issues to establish IPsec tunnel.
For the DSR part, it is quite the same settings as setting up normal site to site IPSEC.

as soon as the gateway was deleted and recreated policy-based everything work perfectly

hope this is helpful to anyone having this problem

Andreas
« Last Edit: February 28, 2019, 06:49:47 AM by FurryNutz »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47915
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250N IPSEC with Microsoft Azure Virtual Network Gateway
« Reply #5 on: February 28, 2019, 06:48:32 AM »

Thanks for posting back and letting us know. Glad it's working now.
Enjoy.  ;)
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting