How can we improve Azure Networking?

Provide certificate-based authentication for S2S VPN

Can you describe the technical reason why you decided not to offer this option when creating an S2S VPN and you offer only the phase 1 pre-shared key method? The communications in Madrid HC Region are administered by Cesus and they follow directives from the Security Group of Madrid Digital (former ICM). In their form to require an S2S VPN, only cert-based is accepted for IPsec tunnels, and without a clear technical reason it is almost impossible to negotiate an exception to shift to a pre-shared-key-based phase 1 VPN.

1 vote
    Anonymous shared this idea
    unplanned  ·  Azure Networking Team (Admin, Microsoft Azure) responded

    Thank you for the suggestion. The key reasons for not offering cert-based IKE authentication are the additional compliance requirements and validations related to handling certificates. As a result, this is currently not on the roadmap.

    If certificate-based authentication is a requirement, currently customers will need to leverage a VPN appliance available from Azure Marketplace.

    Thanks,
    Yushun [MSFT]

    1 comment

      • Anonymous commented

        Thank you. Would you be so kind as to propose one solution or to propose a "search method" for the marketplace that returns VPN solutions that comply with the requirement?
