How to Configure an IPsec IKEv2 Site-to-Site VPN to the Static Microsoft Azure VPN Gateway

You can configure your local Barracuda SecureEdge appliances to connect to the static IPsec VPN gateway service in the Microsoft Azure cloud using an IKEv2 IPsec VPN tunnel.

Before You Begin

  • Create and configure a Microsoft Azure static VPN gateway for your virtual network.

  • You will need the following information:

    • VPN gateway

    • External IP address for the Barracuda SecureEdge appliance

    • Remote and local networks

Requirements and Limitations

  • When creating general settings for an IPsec tunnel on the SecureEdge appliance, you must disable the Initiates field for your connected Barracuda-hosted Edge Service or Edge Service for vWAN. However, you can enable the Initiates field for your connected Site or Private Edge Service.

Step 1. Create a Virtual Network and Subnet

Create a virtual network in the Microsoft Azure cloud. Choose subnets that are not present in your local networks to avoid IP address conflicts.

  1. Log in to your Azure Portal (https://portal.azure.com).

  2. Search for Virtual networks.

  3. Next to the Virtual networks entry, click + / Create to create a new network.


    The Virtual network window opens.

  4. Select Virtual network and click Create.

  5. The Create virtual network window opens. In the Basics window, select your Subscription.

  6. Select the Resource group for the virtual network, or create a new resource group.

  7. Enter a descriptive Name for the virtual network. E.g., VNet1.

  8. Select the Region your network resides in.

  9. Click Next.

  10. Click the IP addresses tab.

  11. Define the address space of your virtual network, e.g., 172.16.0.0/16. (By default, an address space is automatically created.)

  12. Click Add subnet:

    • Name – Enter a name for the subnet, e.g., subnet-VNet1

    • Starting address – Enter the first IP address of the IP range for the subnet. E.g., 172.16.1.0

    • Size – Select the subnet mask from the list. E.g., /24 for 256 IP addresses.

  13. Click Add.

  14. Review the IP addresses page and remove address spaces and subnets that you do not need.

  15. Select Review + create to validate the virtual network settings.

  16. Select Create to create the virtual network.

Step 2. Create a Gateway Subnet

The gateway subnet resides in the IP address range of the virtual network and contains the IP addresses used by the virtual network gateway resources and services.

  1. Go to your virtual network.

  2. In the left menu, select Subnets.

  3. The Subnets window opens. Click + Gateway Subnet.

  4. In the Add a subnet window, adjust the IP address range value:

    • Starting IP – Enter the first IP for the gateway subnet. E.g., 172.16.254.0

    • Size – Select the subnet mask from the list. E.g., /27 for 32 IP addresses. Note: It is recommended that you create a gateway subnet of size /27 or larger (for example, /27 or /26). For more information, see Microsoft Azure - create a gateway subnet.

  5. Click Add.

  6. Click Save to save the subnet.

The Azure Virtual Network you have just created is now listed in the network menu in the Azure management interface.
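
The address rules from Step 1 and Step 2 can be checked before anything is created in the portal. The following is an added example, not part of the original procedure or of any Barracuda or Microsoft tooling: it validates the sample ranges used on this page against a list of local networks. The function name check_address_plan and the local networks 10.0.0.0/16 and 192.168.10.0/24 are assumptions made for illustration.

```python
import ipaddress

# Values from Steps 1 and 2 of this page; the local networks are constructed samples.
PAGE_PLAN = {
    "vnet": "172.16.0.0/16",
    "subnets": {"subnet-VNet1": "172.16.1.0/24"},
    "gateway_subnet": "172.16.254.0/27",
    "local_networks": ["10.0.0.0/16", "192.168.10.0/24"],
}

def check_address_plan(vnet, subnets, gateway_subnet, local_networks):
    """Return a list of problems in a planned layout (empty list means OK).

    ip_network() raises ValueError when a starting address has host bits set,
    e.g. 172.16.1.5/24, so malformed ranges are rejected before any check.
    """
    vnet_n = ipaddress.ip_network(vnet)
    inside = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    inside["GatewaySubnet"] = ipaddress.ip_network(gateway_subnet)
    problems = []

    # Step 1: the Azure address space must not be present in the local networks.
    for local in map(ipaddress.ip_network, local_networks):
        if vnet_n.overlaps(local):
            problems.append(f"VNet {vnet_n} overlaps local network {local}")

    # Steps 1 and 2: every subnet, gateway subnet included, lies inside the VNet.
    for name, sub in inside.items():
        if not sub.subnet_of(vnet_n):
            problems.append(f"{name} {sub} is outside VNet {vnet_n}")

    # Subnets of the same virtual network must not overlap each other.
    names = sorted(inside)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if inside[a].overlaps(inside[b]):
                problems.append(f"{a} {inside[a]} overlaps {b} {inside[b]}")

    # Step 2: /27 or larger, i.e. a prefix length of 27 or less.
    if inside["GatewaySubnet"].prefixlen > 27:
        problems.append(f"GatewaySubnet {inside['GatewaySubnet']} is smaller than /27")
    return problems

if __name__ == "__main__":
    for line in check_address_plan(**PAGE_PLAN) or ["address plan OK"]:
        print(line)
```

An empty result means the planned ranges satisfy the rules stated in Steps 1 and 2; each returned string names one conflict to resolve before creating the network.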

Step 3. Create a VPN Gateway

Create the Azure virtual network gateway.

Creating a virtual network gateway can take 45 minutes or more, depending on the selected gateway SKU.

  1. Log in to your Microsoft Azure Portal (https://portal.azure.com).

  2. Search for Virtual network gateways.

  3. Next to the Virtual network gateways entry, click + / Create to create a new VPN gateway.

    The Create virtual network gateway window opens.

  4. In the Basics tab, configure the following settings:

    • Subscription – Select your subscription.

    • Name – Enter a descriptive name for the VPN gateway.

    • Region – Select the region your network resides in.

    • Gateway type – Select VPN.

    • SKU – Select VpnGw2.

    • Generation – Select Generation 2.

    • Virtual network – Select the virtual network created in Step 1.

    • Subnet – The gateway subnet created in Step 2 is auto-selected.

    • Public IP address – Select Create new.

    • Public IP address name – Enter a name for your public IP address instance.

    • Availability zone – Select Zone-redundant, unless you know you want to specify a zone.

    • Enable active-active mode – Select Disabled.

    • Configure BGP – Select Disabled.

  5. Select Review + create to validate the settings.

  6. Select Create to create the virtual network gateway.