RouterOS Site-to-Site VPN to Windows Azure using Mikrotik RouterOS RB750GL

1. Site-to-Site VPN between your infrastructure and Windows Azure
– using MikroTik RouterOS
While doing my demos for Windows server 2012 readiness I wanted to show my attendees also
virtual machines that you can run now on Windows Azure (www.windowsazure.com – here you can
try virtual machines and other Azure features for 180 days!).
Okey, that’s not a problem you go to the virtual machines tab and create machine… But I wanted
to connect my infrastructure with Azure so I will be able to experience real hybrid-cloud solution
with some services in my datacenter and some services in Microsoft cloud…
If you want to do that you need to create new network configuration in network tab on Azure portal.
This procedure is well documented on: http://msdn.microsoft.com/en-
us/library/windowsazure/jj156210#bkmk_ConfigVPN
But at the end you can download configuration for Cisco or Juniper… From that configuration I
“extracted” the important steps to configure it on MikroTik 750GL.
On your Mikrotik you need to go to IP / IPsec menu and then:
- configure IPsec peers

2. After that you need to configure IPsec tunnel parameters:
In the first line you define your local subnet that you have in your datacenter; below you enter
subnet that you defined in Azure network configuration…
And in Action tab of IPsec policy you define that you want to create tunnel and you need to define
endpoint IP addresses again…
Connection established!!!

3. I started to ping from my Azure Virtual machine to AD server in my organization…
and as seen from Azure portal perspective:
It is easy to configure virtual machines on Windows Azure platform and also very easy to establish
site-to-site VPN connection – and it works also with “lower” budget routers and not only by using
Cisco or Juniper.