Forum Discussion
Tomasz Tuczapski
Jan 27, 2021 · Copper Contributor
ExpressRoute with IPsec tunnel to on-prem
Is it possible to configure an IPsec tunnel over ExpressRoute with NVAs? The ExpressRoute is configured for Azure Private Peering. Is there any kind of list of supported NVAs for this scenario? S...
Michi_Altstaedt
Feb 10, 2021 · Copper Contributor
I see no obstacle to using a VM as an IPsec gateway. As long as you peer the VNET it is connected to with a vHUB that has connectivity to your ER Gateway, the routing should be fine to establish IKE and IPsec with your on-prem IPsec device.
I have, however, no experience with how to build a network and routing design that forces the desired traffic to/from on-prem through this NVA. I have seen an MSFT article that describes a hub VNET carrying the NVA, peered northbound to the vHUB and southbound to the spoke VNETs.
As for the product, I personally like pfSense a lot since it has strong features and is pretty stable.
cheers
Michi