Author: raymond

  • Setting up IKEv2 Azure to Palo Alto Networks Firewall

    So, lately I’ve set up a lot of VPN tunnels to Azure, with different results. It seems to me that it’s easy to set up the VPN itself, but when it comes to getting the VPN to stay up and stable you have to tweak back and forth a bit. But here’s an example that seems to be working excellently.

    Scenario: Two locations, >7 local subnets, one BIG Azure subnet.

    IKEv2 static routing, or policy-based as Microsoft calls it: https://azure.microsoft.com/nb-no/documentation/articles/vpn-gateway-about-vpn-devices/

    “Static Routing = Policy-based

    Dynamic Routing = Route-based”

    Palo Alto PA-500, running PAN-OS 7.1.2

    The Azure side is set up as IKEv2 policy-based, routing each specific net to each location (GW), with separate PSKs for each site.

    Step 1: Create a tunnel interface and assign it to the correct virtual router and security zone.

    Step 2: Create the IPsec tunnel. Bind it to the tunnel interface and create a new IKE gateway.

    Step 3: Set the IKE gateway to IKEv2 only mode and bind it to the interface. Use the static IP of the Azure GW and the pre-shared key (provided by the Azure setup).

    Step 4

    I found out that not enabling passive mode worked best for this VPN.

    Create a new IKE crypto profile.

    Step 5

    Azure allows a lot of IKE ciphers, but this one seems to be stable:

    DH group 2, AES-256-CBC, SHA1, key lifetime 28800 seconds

    Step 6: Create the IPsec crypto profile.

    Here’s where it gets interesting. According to the samples, you should use ESP, DH group 2, AES-256-CBC and SHA1.

    And that works. For a while… then the tunnel goes down and never comes up again by itself.

    Using this setup:

    ESP, no PFS, AES-256-CBC, 3DES, AES-128-CBC, SHA1 and a lifetime of 3600 seconds

    seems to work the best.

    Then the result should look something like this:

    [Image: PAN sec rules]

    Step 7: Since we use static routing, we simply route the whole /16 net to the tunnel interface we created.

    Step 8: Create rules to match the traffic. (Yes, I know this rule is an any-any rule, but I used that for testing, and a migration tool afterwards to convert to layer 7 rules.)

    And boom, the VPN is up and running.

    A recommended troubleshooting command, if you need it:

    tail follow yes mp-log ikemgr.log

    It provides a good real-time view of the IPsec tunnel. That’s how I found out what was going wrong with the initial setup using the samples provided by Azure. The error I got was that the tunnel had a missing KE (proxy ID or, in this case, ciphers and no-PFS).

    Using the same setup on both locations worked perfectly.
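
A simplified model of why the sample profile came up and then failed at rekey, as an added example that is not part of the original post: in IKEv2 the first Child SA is created inside IKE_AUTH without a KE payload, so a PFS mismatch only surfaces at the first CREATE_CHILD_SA rekey. The profile names and the assumption that the remote gateway rekeys without PFS are illustrative, not taken from Azure or PAN-OS.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class EspProfile:
    encryption: Tuple[str, ...]        # ciphers in preference order
    integrity: Tuple[str, ...]
    pfs_group: Optional[int] = None    # DH group number; None means no-PFS

def first_common(offered, accepted):
    """First offered algorithm the other side also accepts, else None."""
    return next((alg for alg in offered if alg in accepted), None)

def negotiate(initiator, responder, exchange):
    """Simplified Child SA negotiation; returns (ok, detail).

    exchange: "IKE_AUTH" for the first Child SA, "CREATE_CHILD_SA" for a rekey.
    """
    enc = first_common(initiator.encryption, responder.encryption)
    integ = first_common(initiator.integrity, responder.integrity)
    if enc is None or integ is None:
        return (False, "no common ESP cipher or hash")
    if exchange == "IKE_AUTH":
        # RFC 7296: the first Child SA takes its keys from the IKE SA and no
        # KE payload is sent, so the PFS setting is never compared here.
        return (True, f"{enc}/{integ}, PFS not checked")
    if initiator.pfs_group is None and responder.pfs_group is not None:
        return (False, "missing KE")   # responder wants PFS, none offered
    if initiator.pfs_group != responder.pfs_group:
        return (False, "PFS group not acceptable")
    pfs = "no PFS" if initiator.pfs_group is None else f"PFS group {initiator.pfs_group}"
    return (True, f"{enc}/{integ}, {pfs}")

# Constructed profiles using the values from the post.
SAMPLE = EspProfile(("aes-256-cbc",), ("sha1",), pfs_group=2)
WORKING = EspProfile(("aes-256-cbc", "3des", "aes-128-cbc"), ("sha1",))
# Assumption: the remote gateway offers these ciphers and sends no KE on rekey.
PEER = EspProfile(("aes-256-cbc", "3des", "aes-128-cbc"), ("sha1",))

def lifecycle(local, peer=PEER):
    """Tunnel bring-up followed by a peer-initiated rekey."""
    return [negotiate(peer, local, "IKE_AUTH"),
            negotiate(peer, local, "CREATE_CHILD_SA")]

if __name__ == "__main__":
    for name, profile in (("sample", SAMPLE), ("working", WORKING)):
        print(name, lifecycle(profile))
```
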

  • Panorama from Rundemannen

    Panorama from Rundemannen taken yesterday. Right before the extreme aurora borealis that I missed, ’cause I went to sleep instead… &”%#¤%”#&! FML

  • Creating Panoramas

    Lately I’ve done a lot of panorama photos. I really like to create these big images with loads of detail and almost a VR look. I decided to create a little tutorial on how I make these panoramas. So here’s a little YouTube video of how I created this image:

    And the tutorial:

  • Panoramaphotos from the 7 mountains of Bergen

    Had to downscale the pictures to 30%. WordPress didn’t like the pictures above 96 MB… 🙂

    Ulriken

    Løvstakken

    Rundemannen

    Fløyen

    Damsgårdsfjellet

    Sandviksfjellet

    Lyderhorn 1

    Lyderhorn 2

    Lyderhorn 3

     

     

  • Macro photos

    I love taking macro photos, but haven’t had the time lately to take that many photos.  So here’s a little recap of some macro photos I’ve taken.


  • SJ2D Gimbal setup and using Simple BGC GUI

    Attaching SJ2D gimbal on DJI Phantom 2

     

    Calibrating the SJ2D gimbal using SIMPLE BGC GUI

     

  • Drone flight in Bergen, Hellen fortress

    Been out flying with my drone, DJI Phantom 2.

     

  • Northern Lights in Norway

    I’ve been in love with the Northern Lights since I was in the military up north back in 2003.

    It all started with an Olympus C-5050 camera, 5 megapixels. (It’s me in the photos.)

    The photos are taken in Bardufoss, just south of Tromsø.

    walleys!

    Northern lights from Laksevåg, Bergen.


     

     

    Northern lights from Melkeplassen, Bergen


    Northern lights from Damsgårdsfjellet, Bergen.


     

    Northern lights from Ask, Askøy


    Northern lights from Fyllingsdalen, Bergen.


     

     

     

  • PicDump

