Support for IKEv2 VPN clients to connect to an Azure-based RRAS server (Allow ESP traffic through NSG)
Currently, Network Security Groups only support rules for TCP and UDP traffic. This request is for the addition of rules for ESP traffic which is required for IKEv2 clients to connect to an RRAS server running on Azure.
We use ExpressRoute. Point-to-Site is not an option as they cannot coexist. We currently use SSTP for our clients to connect but lack the resiliency that comes with an IKEv2 connection.
Alternatively, support for ExpressRoute/Point-to-Site coexistence would also satisfy our requirement and eliminate the need to maintain an RRAS server in Azure.
Thanks for the feedback. We are planning to expand the protocol options to include ICMP, AH and ESP to cover this type of scenario in the near future.
Has the protocol 50 been added?
Are there any updates on the timing of expanding the protocols?
Luke Robertson commented
Can you add GRE too? It's needed for DMVPN