Running VPN gateway dianostics in Azure Resource Manager

Recently when setting up an Azure Site to Site VPN, I was having a lot of issues and ran into Keith Mayer’s great blog post about how to run the diagnostics in Azure resource manager for Azure gateways. Most of the older blog post focused on the gateways in the older Azure portal (manage.windowsazure.com)

Take a look at Keith’s PowerShell script here – Step-by-Step: Capturing Azure Resource Manager (ARM) VNET Gateway Diagnostic Logs

When you run the script and use your admin credentials to login to Azure resource manager (portal.azure.com) and the older Azure portal (manage.windowsazure.com) you are left with a vpnlog.txt which has diagnostic information.

Examining the vpnlog.txt I was able to find:

Failure type: IKE/Authip Main Mode Failure
Type specific info:
Failure error code:0x0000362c
Policy match error

Error 13868(ERROR_IPSEC_IKE_POLICY_MATCH)

I was having a policy error. I was trying to set up RouteBased Azure Gateway with an on-prem Cisco ASA fireall. Looking at the Validated VPN devices in Azure, the Cisco ASA is not compatible with RouteBased.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s