Azure is rapidly gaining market share in the cloud space. Clients are migrating on-prem infrastructure to Azure more than ever. Despite public cloud gaining popularity, there will always be a need to have on-prem infrastructure for various reasons. One example would be to have your compute in the public cloud and your data on your private network, or to connect your employees to your public cloud infrastructure. This blog is about creating a secure connection between your Azure virtual network and your on-prem physical network.

To achieve that, we need a compatible VPN device on our physical network, which in my lab is pfSense running on a dedicated appliance connected to the internet. pfSense will connect to the Azure virtual network over an IPsec/IKE (IKEv2 in my case) VPN tunnel.

So let's get started…

Azure Infrastructure

We will begin by creating the required infrastructure in Azure. I created a virtual network vnet1 with address space 10.0.0.0/16 and one subnet called default with address space 10.0.0.0/24 in the Australia East location. I will also be creating an additional Gateway subnet (10.0.1.0/24) in this network. For this exercise, I will also create a virtual network gateway of SKU type VpnGw1 and Generation 1 in the same location as the network. The VPN gateway will be associated with the gateway subnet created earlier. We will also create a basic dynamic public IP address for this demo. It can take about 20 minutes for the VPN gateway to provision.

Once the VPN gateway is created, note down the public IP address.

Next, we will be creating a local network gateway. This refers to the on-premises location, which is my lab. Give it a name and an IP address, which will be the same as the pfSense WAN interface IP. Next, in the Address Space field, enter the address ranges for the network that this local network represents. In my case it is 192.168.10.0/24, which is the address space of my lab. The Location will be the same as the location of the virtual network and VPN gateway.

Once this is done, go to the VPN gateway and open the Connections menu. Here, we will add a connection to the on-premises VPN. Click on the add connection button and select the connection type as Site-to-Site (IPSec). The virtual network gateway will be preselected, so select the local network gateway that we created above. Enter a long and random shared key. This key has to be entered on both peers (Azure VPN gateway and pfSense).

Once the connection is created, we move on to pfSense.


Configure pfSense

Now that our Azure infrastructure is created, we move on to configuring the IPsec tunnel on pfSense. To do this, go to the VPN > IPsec menu. IPsec is configured in 2 phases. The new IPsec tunnel is defined in phase 1 and the parameters for traffic encryption are defined in phase 2.

Click the “Add P1” button to configure the tunnel. Here we will update the Key Exchange version to IKEv2. Enter the public IP address of the VPN gateway in the Remote Gateway field and select Mutual PSK as the Authentication Method. Enter the pre-shared key that was used above when creating the connection on the Azure gateway.

Save and Apply Changes.

Now configure Phase 2 by clicking the Add P2 button just below the phase 1 entry. In the Remote Network field, enter the subnet of your Azure virtual network that you wish to make accessible from your on-premises network. Save and Apply Changes.

Once this is done, go to Status > IPsec and check the status of the tunnel. It should be connected to the Azure VPN gateway.
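An added example, not part of the original post: a pre-flight check of the address plan used above, plus a generator for the "long and random" shared key. The phase 2 remote network and the pfSense WAN address are constructed sample values, and the function and key names are hypothetical.

```python
import ipaddress
import secrets
import string

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Address plan from the post. p2_remote and pfsense_wan_ip are constructed sample
# values (the WAN address is from the RFC 5737 documentation range).
LAB_PLAN = {
    "vnet": "10.0.0.0/16",
    "subnets": {"default": "10.0.0.0/24", "GatewaySubnet": "10.0.1.0/24"},
    "onprem": "192.168.10.0/24",
    "p2_remote": "10.0.0.0/24",
    "pfsense_wan_ip": "203.0.113.10",
}

def generate_psk(length=64):
    """Alphanumeric pre-shared key drawn from the OS CSPRNG (about 5.95 bits per character)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def check_plan(plan):
    """Return the problems found in a site-to-site address plan; an empty list means none."""
    problems = []
    vnet = ipaddress.ip_network(plan["vnet"])
    subnets = {n: ipaddress.ip_network(c) for n, c in plan["subnets"].items()}
    onprem = ipaddress.ip_network(plan["onprem"])
    p2_remote = ipaddress.ip_network(plan["p2_remote"])
    wan = ipaddress.ip_address(plan["pfsense_wan_ip"])
    for name, net in subnets.items():
        if not net.subnet_of(vnet):
            problems.append(f"subnet {name} ({net}) is outside the vnet {vnet}")
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"subnets {a} and {b} overlap")
    if onprem.overlaps(vnet):  # overlapping ranges cannot be routed across the tunnel
        problems.append(f"on-prem range {onprem} overlaps the vnet {vnet}")
    if not p2_remote.subnet_of(vnet):  # phase 2 must name a network that exists in Azure
        problems.append(f"phase 2 remote network {p2_remote} is not inside the vnet {vnet}")
    if any(wan in net for net in RFC1918):  # a private WAN address means pfSense is behind NAT
        problems.append(f"pfSense WAN address {wan} is private (RFC 1918)")
    return problems

if __name__ == "__main__":
    print(check_plan(LAB_PLAN) or "address plan is consistent")
    print("generated PSK length:", len(generate_psk()))
```

The key is restricted to letters and digits so the same string can be pasted unchanged into both the Azure connection and the pfSense phase 1 form.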

Thank you for stopping by……
