Azure to Sophos UTM Site to Site VPN IPSEC Settings (IKEv1 Policy Based)

The Sophos UTM Azure Policy:

[screenshot: Sophos UTM IPsec policy for Azure]

The Sophos UTM Azure Remote Gateway:

[screenshot: Sophos UTM remote gateway definition for Azure]

Notes: the pre-shared key must match on both sides, and the gateway object must be the public IP assigned to your Azure virtual network gateway.

When creating your Azure virtual network gateway, you must choose policy-based VPN, NOT route-based. Policy-based is IKEv1, while route-based is IKEv2, and the Sophos UTM only supports IKEv1. It's also important to note that an Azure virtual network gateway configured this way only allows ONE site-to-site VPN connection, because it is policy-based/IKEv1. This means that if you require more VPNs to Azure, you can use the Sophos UTM as a VPN concentrator and advertise the Azure network over it. See below how to select policy-based VPN:

[screenshot: Azure virtual network gateway creation with policy-based VPN type selected]

How to find your Azure virtual network gateway public IP:

Log in to the Azure portal, then search for "virtual network gateway".

[screenshot: Azure portal search for virtual network gateway]

Your public IP should then be in the rightmost setting.

[screenshot: Azure virtual network gateway overview showing the public IP]

You should also verify that your gateway has a static public IP and not a dynamic one, or else it can change! To fix this you either need to take down the VPN or recreate the gateway (or just create a new public IP resource).
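A pre-flight check that encodes the pitfalls above (policy-based/IKEv1 only, one connection per gateway, matching pre-shared key, gateway object equal to the Azure public IP, static allocation). This is an added example, not part of the original post or any Azure/Sophos tooling; the two dictionaries are constructed sample settings with placeholder values.

```python
"""Consistency check for an Azure <-> Sophos UTM policy-based (IKEv1) site-to-site VPN."""
import hmac
import ipaddress

# Constructed sample settings (documentation-range IP, placeholder PSK), not a real deployment.
AZURE_GATEWAY = {
    "vpn_type": "PolicyBased",       # must be PolicyBased: that is IKEv1, RouteBased is IKEv2
    "public_ip": "203.0.113.10",     # the IP shown in the gateway overview
    "ip_allocation": "Static",       # a Dynamic address can change and break the tunnel
    "connections": [{"name": "to-sophos-utm", "shared_key": "example-psk-CHANGE-ME"}],
}
SOPHOS_REMOTE_GATEWAY = {
    "gateway_ip": "203.0.113.10",    # the "gateway object" on the UTM side
    "ike_version": 1,
    "shared_key": "example-psk-CHANGE-ME",
}


def check_vpn_config(azure: dict, sophos: dict) -> list[str]:
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    if azure["vpn_type"] != "PolicyBased":
        findings.append("Azure gateway must be PolicyBased (IKEv1); the Sophos UTM does not do IKEv2")
    if sophos["ike_version"] != 1:
        findings.append("Sophos UTM remote gateway must use IKEv1")
    if azure["ip_allocation"] != "Static":
        findings.append("Azure gateway public IP is not Static; it may change under you")
    # A policy-based Azure gateway supports exactly one site-to-site connection.
    if len(azure["connections"]) != 1:
        findings.append(f"policy-based gateway allows one S2S connection, found {len(azure['connections'])}")
    try:
        azure_ip = ipaddress.ip_address(azure["public_ip"])
        sophos_ip = ipaddress.ip_address(sophos["gateway_ip"])
        if azure_ip != sophos_ip:
            findings.append(f"UTM gateway object {sophos_ip} != Azure public IP {azure_ip}")
    except ValueError as exc:
        findings.append(f"invalid IP address: {exc}")
    # Compare PSKs without short-circuiting on the first differing byte.
    for conn in azure["connections"]:
        if not hmac.compare_digest(conn["shared_key"].encode(), sophos["shared_key"].encode()):
            findings.append(f"pre-shared key for connection {conn['name']!r} does not match the UTM")
    return findings


if __name__ == "__main__":
    for finding in check_vpn_config(AZURE_GATEWAY, SOPHOS_REMOTE_GATEWAY) or ["OK: settings consistent"]:
        print(finding)
```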
