How do I configure a DNA site-to-site VPN tunnel to a Microsoft Azure endpoint?

Question

How do I configure a DNA site-to-site VPN tunnel to a Microsoft Azure endpoint?

Environment

  • Datto Networking Appliance (DNA)
  • Microsoft Azure

Answer

The DNA supports a policy-based Microsoft Azure VPN endpoint. When configuring your endpoint, ensure it uses a policy-based route and IKE version 2 (IKEv2).

To create and configure the tunnel, follow these steps:

1. Create and configure the Microsoft Azure VPN endpoint by following the steps in the Microsoft article Connect Azure VPN gateways to multiple on-premises policy-based VPN devices using PowerShell (external link).

2. Create a site-to-site VPN configuration on your DNA by following the steps in the Connecting a Non-DNA device section of the DNA: Site-to-Site VPN article. When configuring your VPN, ensure the IKE Mode is IKEv2 and that the options in Other match the IPsec options defined in your Microsoft Azure VPN endpoint configuration. Refer to Site-to-Site VPN for more information.
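
The Azure side of the two steps above, as an added example (not taken from the Datto or Microsoft articles): it creates an IKEv2 connection with policy-based traffic selectors and a custom IPsec policy, then reads the settings back so they can be compared field by field with the DNA's IKE Mode and Other options. All resource names and the algorithm, DH group and lifetime values are placeholder assumptions; use values that your DNA offers, and enter the same ones on both ends.

```powershell
# Requires the Az.Network module and an authenticated session (Connect-AzAccount).
# Placeholder names (assumptions): replace with your own resources.
$rg       = '<resource-group>'
$gwName   = '<azure-vnet-gateway>'   # existing Azure virtual network gateway
$lngName  = '<dna-local-gateway>'    # local network gateway representing the DNA
$connName = '<connection-name>'

# Prompt for the pre-shared key instead of storing it in the script.
$secure = Read-Host -Prompt 'Pre-shared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# Custom IPsec/IKE policy. Every value here is an example and must be
# mirrored in the DNA tunnel's Other options.
$policy = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup14 `
    -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup None `
    -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000

$gw  = Get-AzVirtualNetworkGateway -Name $gwName  -ResourceGroupName $rg
$lng = Get-AzLocalNetworkGateway   -Name $lngName -ResourceGroupName $rg

# IKEv2 connection using policy-based traffic selectors.
New-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng -Location $gw.Location `
    -ConnectionType IPsec -ConnectionProtocol IKEv2 `
    -UsePolicyBasedTrafficSelectors $true -IpsecPolicies $policy `
    -SharedKey $psk | Out-Null

# Read back what Azure stored; a mismatch with the DNA on any of these
# fields prevents the tunnel from establishing.
$conn = Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg
if (-not $conn.UsePolicyBasedTrafficSelectors) {
    Write-Warning 'Policy-based traffic selectors are not enabled on this connection.'
}
$conn.IpsecPolicies |
    Format-List IkeEncryption, IkeIntegrity, DhGroup,
                IpsecEncryption, IpsecIntegrity, PfsGroup,
                SALifeTimeSeconds, SADataSizeKilobytes
```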