We have been running a VPN from an ASA 5510 running ASA 8.2 successfully, between our on-prem network and a VNET in Azure. I now wanted to set up a VNET1 to VNET2 VPN scenario, as well as on-prem to VNET1 and VNET2 (like a big VPN mesh). I built this via the XML config, uploaded it to Azure and got the VNET to VNET working by changing the preshared key. I’m now having difficulty getting the VNET to on-prem VPNs up and running. I have configured our ASA and run some debugging and am getting these errors:

Jun 18 14:53:48 [IKEv1]: IP = 23.100.xx.xx, Received an un-encrypted NO_PROPOSAL_CHOSEN notify message, dropping
Jun 18 14:53:48 [IKEv1]: IP = 23.100.xx.xx, Information Exchange processing failed

It looks like a Phase 1/ISAKMP issue; however, the config on our end is all still the same (i.e. the same as when I had it working fine on-prem to one VNET). I don’t know why changing the config on the Azure end has broken this, but I am a bit stumped. One pertinent change during this is changing from static routing to dynamic routing – it needs to be dynamic for this scenario to work though.

Technically only ASA 8.3 is supported; however, it was working fine before, so I don’t think this is the issue.

My question is this: what does changing the routing from dynamic to static actually do as far as third-party VPN devices are concerned? Is there a requirement to then change the ISAKMP properties?

–Update– Turns out dynamic routing uses IKEv2, which is supported from ASA 8.4 onwards. Even though this is the case, Azure lists the ASA (even on the newest code) as an unsupported device. ASRs are supported however.

I’m trying to modify the preshared keys in an existing VNET gateway. Most user guides refer to using PowerShell in order to modify preshared keys (as per here).

PS C:\> Set-AzureVNetGatewayKey
Set-AzureVNetGatewayKey : The term ‘Set-AzureVNetGatewayKey’ is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At line:1 char:1
+ Set-AzureVNetGatewayKey
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Set-AzureVNetGatewayKey:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

I get the above error, suggesting the cmdlet is not available. Am I missing a PowerShell module?


Turns out you need to run an update on the Azure PowerShell tools.