Skip to content

Verifying Our Site-to-Site VPN Actually Works

Try Connecting to Virtual Machine

To test the site-to-site VPN we will deploy a temporary virtual machine in our resource group and try to connect to it from our on-premises network. The machine to deploy will be Windows Server 2019 Datacenter - the same image that we are going to use for all our proxy tutorials.

Specify the following parameters for deployment.

Setting Name Value
Virtual Machine Name vpn-test-vm
Virtual Network vnet-azure-proxy
Subnet default (
Public IP None
NIC network security group None

Wait a couple of minutes and make sure the newly created virtual machine only has private IP address from our default subnet.

Test VM

Now from your workstation on-premises try to establish the RDP connection to private IP address Cisco ASA shall automatically establish the site-to-site VPN connection and successfully direct traffic flow to the Azure subnet through.

Test VM

Good our cloud networking lab is up and running. We are ready to start deploying our proxies in the cloud.

Possible Errors

Configuring Cisco ASA is a lot of manual typing so a lot of things may (and will) go wrong. To test if site-to-site VPN indeed works see the output of the show cry isa command. It should indicate the active site-to-site tunnel.

ciscoasa# show cry isa

IKEv1 SAs:

Active SA: 1
  Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer:
  Type    : L2L             Role    : responder
  Rekey   : no              State   : MM_ACTIVE

Here we see the state as MM_ACTIVE so everything is fine.