ConfigShot: Configuring UDM SE with Azure Active-Active VPN Gateway

Recently, I had the opportunity to set up a network environment locally. This post walks through the process of building it with a UDM SE and Azure VPN Gateway.
Environment
- Dream Machine Special Edition (UDM SE)
  - UniFi OS 4.2.12
- Azure VPN Gateway
  - SKU: VpnGW1
  - Enable Active-Active mode
  - Disable BGP
  - Location: TaiwanNorth
About Active-active Azure VPN Gateways

Regarding the setup and configuration of Azure VPN Gateway, please refer to the following article links.
- Create an Azure VPN Gateway

- Create a Local Network Gateway: about configuring UniFi settings

- Configure a site-to-site connection


Set up Site-to-Site VPN on UniFi
Since I chose Active-Active mode for the Azure VPN Gateway, there are 2 Azure Public IPs with which the UniFi WAN IP establishes IPsec connections. The diagram below therefore shows the 2 IPsec connections that need to be configured.

Since Azure VPN Gateway supports ECMP (Equal-cost multi-path routing) in Active-Active mode, the Route Distance in both connections can remain the same value (30) here.
1st IPsec Connection Setup

2nd IPsec Connection Setup

Connectivity Result
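To confirm from the Azure side that both Active-Active tunnels are up, and not just one, the per-tunnel status can be checked as in the following added example (not part of the original post). It assumes the JSON printed by `az network vpn-connection show` lists per-tunnel health under `tunnelConnectionStatus`; the connection name, tunnel names and byte counts in the sample are constructed.

```python
import json

# Constructed sample shaped like `az network vpn-connection show -o json`
# (assumption: per-tunnel health is reported under tunnelConnectionStatus).
SAMPLE = """
{
  "name": "conn-udm-se",
  "connectionStatus": "Connected",
  "tunnelConnectionStatus": [
    {"tunnel": "instance0-tunnel", "connectionStatus": "Connected",
     "ingressBytesTransferred": 18234, "egressBytesTransferred": 20411},
    {"tunnel": "instance1-tunnel", "connectionStatus": "NotConnected",
     "ingressBytesTransferred": 0, "egressBytesTransferred": 0}
  ]
}
"""


def check_active_active(conn_json, expected_tunnels=2):
    """Return a list of findings; an empty list means every tunnel looks healthy."""
    conn = json.loads(conn_json)
    tunnels = conn.get("tunnelConnectionStatus") or []
    findings = []
    if len(tunnels) != expected_tunnels:
        findings.append(f"expected {expected_tunnels} tunnels, found {len(tunnels)}")
    for t in tunnels:
        name = t.get("tunnel", "<unnamed>")
        status = t.get("connectionStatus", "Unknown")
        if status != "Connected":
            findings.append(f"{name}: status is {status}")
        # Heuristic: a connected tunnel with a zero counter in either direction
        # deserves a look (traffic selectors, routes), though it may just be idle.
        elif not t.get("ingressBytesTransferred") or not t.get("egressBytesTransferred"):
            findings.append(f"{name}: connected but a byte counter is still zero")
    # Flag the case where the overall status alone would have hidden a problem.
    if findings and conn.get("connectionStatus") == "Connected":
        findings.append("overall status is Connected; check the tunnels above")
    return findings


if __name__ == "__main__":
    result = check_active_active(SAMPLE)
    for line in result or ["both tunnels connected and passing traffic"]:
        print(line)
```
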

Phil's memo

UniFi's interface is really well-designed; just a few clicks and it's done. Recently, I have been studying 6GHz deployment methods, and my current belief is that they are quite similar to the deployment methods for 5GHz.