Azure Site-to-Site VPN using Netscaler Cloudbridge Connector

Since I started out learning Azure I really want to try and do practical lab tasks as close to enterprise scenarios as possible.
I always try and achieve the same for anything I learn in my small lab environment and now I wanted to do the same to bridge my Azure environment with my on-prem lab servers.

I do not have an enterprise grade router at home, so I went for using my Netscaler VPX as my VPN device. Considering I am Citrix certified in both Virtualization and Networking. I have a partner license laying around that gives me Platinum features which Cloud Bridge Connector requires. Then we can setup the cheap Basic Azure Gateway (30$ pr month plus network egress).

After reading a lot of semi old blog posts, and blogs only giving half the information needed I want to post my own findings.

First we  configure our Azure VPN Gateway by following Microsofts own procedure. Just remember to create the Azure VPN Gateway with Basic SKU.

My environment:
I have a Netscaler 11 VPX in my on-prem environment, with 2 NIC’s, One internal and external. Though when you use Netscaler Cloud Bridge Connector you only need to utilize the SNIP of the Netscaler.
Remember to forward UDP 500 and 4500 to the SNIP (Subnet IP) of the Netscaler.


add ipsec profile CB_Azure_IPSec_Profile -psk yourpassword -ikeVersion v1 –lifetime 31536000

add iptunnel CB_Azure_Tunnel <Netscaler SNIP> <Azure Gateway IP> –protocol IPSEC –ipsecProfileName CB_Azure_IPSec_Profile

add pbr CB_Azure_Pbr -srcIP –destIP –ipTunnelCB_Azure_Tunnel

And as a last part we apply the PBR

apply pbrs

If everything is correct you will see this in Netscaler.

And you will see this in Azure.