Ah, the joys of a proof of concept. We’re playing with a vendor’s application that has some tricky networking requirements (multi-site VPN support through a third-party aggregator) to see if the architecture would work with a server in Azure.

The great part is we have a trial version of the software, so we can replicate things from the comfort of our own office without disturbing the customer. Which is just as well, really.
Following the instructions, I’d successfully created a virtual network, a Windows Server and a static gateway VPN and managed to get our Draytek router to connect. Hooray!

Next step was to see if a Cisco router we had here would connect, that we could then swap into the customer site. Because I wanted to retain our connectivity too, I needed to delete and re-create the gateway as Dynamic for multiple site VPN connectivity. Problem is, dynamic gateways use IKEv2 and neither our Draytek Vigor 2860 nor our Cisco SRP521W wanted to play that game. Back to the drawing board to reconfigure the gateway as static. And by reconfigure I mean delete and re-create.

Unfortunately, once you add multiple local networks to a gateway, the Azure portal gives up and says “it’s all too complicated for me now – use XML to configure stuff”. But when I tried to upload an edited XML file, I got an unhelpful “unexpected error”.
I also found that if you DON’T remove that second local network from the configuration and then try to delete the gateway and re-add it, it will only want to add a new dynamic gateway. The box to choose static or dynamic gets hidden behind the yes/no to create prompt.
The solution is that you HAVE to edit your XML configuration file and remove the local network from the ConnectionsToLocalNetwork section, and import this change, to make sure there’s only one local network attached to the VPN. Then you can delete the gateway and add a new static gateway.
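
The XML edit described above can be scripted so the change is repeatable and easy to review before import. This is an added example, not part of the original post: the sample export is constructed and trimmed (site names, the `PocVNet` name and all addresses are made up), and the element names assume the classic Azure network configuration schema.

```python
import xml.etree.ElementTree as ET

# Namespace assumed from the classic Azure network configuration schema.
NS = "http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration"
ET.register_namespace("", NS)  # keep the default namespace when serialising

# Constructed, trimmed sample export: two local networks on one gateway.
SAMPLE_NETCFG = f"""<NetworkConfiguration xmlns="{NS}">
 <VirtualNetworkConfiguration>
  <LocalNetworkSites>
   <LocalNetworkSite name="DraytekSite">
    <AddressSpace><AddressPrefix>192.168.1.0/24</AddressPrefix></AddressSpace>
   </LocalNetworkSite>
   <LocalNetworkSite name="CiscoSite">
    <AddressSpace><AddressPrefix>192.168.2.0/24</AddressPrefix></AddressSpace>
   </LocalNetworkSite>
  </LocalNetworkSites>
  <VirtualNetworkSites>
   <VirtualNetworkSite name="PocVNet" Location="West Europe">
    <Gateway>
     <ConnectionsToLocalNetwork>
      <LocalNetworkSiteRef name="DraytekSite"><Connection type="IPsec" /></LocalNetworkSiteRef>
      <LocalNetworkSiteRef name="CiscoSite"><Connection type="IPsec" /></LocalNetworkSiteRef>
     </ConnectionsToLocalNetwork>
    </Gateway>
   </VirtualNetworkSite>
  </VirtualNetworkSites>
 </VirtualNetworkConfiguration>
</NetworkConfiguration>"""

def q(tag):
    """Qualify a tag name with the schema namespace."""
    return f"{{{NS}}}{tag}"

def keep_single_local_network(xml_text, vnet_name, keep_site):
    """Return (new_xml, removed_names), leaving one LocalNetworkSiteRef on the gateway."""
    root = ET.fromstring(xml_text)
    for vnet in root.iter(q("VirtualNetworkSite")):
        if vnet.get("name") != vnet_name:
            continue
        conns = vnet.find(f"{q('Gateway')}/{q('ConnectionsToLocalNetwork')}")
        refs = [] if conns is None else conns.findall(q("LocalNetworkSiteRef"))
        if keep_site not in [r.get("name") for r in refs]:
            raise ValueError(f"{keep_site!r} is not connected to {vnet_name!r}")
        drop = [r for r in refs if r.get("name") != keep_site]
        for ref in drop:
            conns.remove(ref)  # only the reference goes; the site definition stays
        return ET.tostring(root, encoding="unicode"), [r.get("name") for r in drop]
    raise ValueError(f"virtual network {vnet_name!r} not found")
```

Calling `keep_single_local_network(SAMPLE_NETCFG, "PocVNet", "DraytekSite")` returns the edited XML plus the list of removed references, which is worth diffing against the export before importing it.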

Makes sense, but a prompt message or error about that would be useful.
As for the unexpected error uploading the XML? Beats me what the problem with that was. I went to lunch, came back and repeated my steps and it verified and uploaded without a problem.

Let’s just put that one down to a glitch in the Matrix.

-SCuffy