Fusion – Set up VPN to AVD

1. In Object à General à Address book, add 3 address folders (LAN_NETWORKS, REMOTE_NETWORKS, PUBLIC_IPs)

2. In the folders add the following IPv4 addresses

   1. LAN_NETWORKS – LAN subnet/24

   2. REMOTE_NETWORKS – Azure subnet/24

   3. PUBLIC_IPs – Azure wan

3. Add the algorithms

   1. Go Object, IKE Algorithms

      1. Add new algorithm called AZURE_PHASE1 and set up like below

1. Add a new IPSEC algorithm called AZURE_PHASE2 and set up like below 

4. Creating the PSK

   1. Go objects à General à keyring, add a pre-shared key called AZURE_PSK, just use a strong password for now as we will get the key from pfsense 

5. Create the IPSEC like below

6. Go to Network à interfaces and group add a new group called IPSEC_LAN_GRP, like below

7. Split ICMP

   1. Go to policies, right click ICMP_Allow_traceroute and edit it to be the same as below

1. Back on the policies page, right click à leave group à drag it to the top 

2. Create the IPSEC as below

   1. Policies screen should look below 

9. Save activate

10. Log onto the avd and head to pfsense, usually .5

11. Go to vpnà ipsec, add p1, like below (grab remote gateway from fusion CGE-NAT

2. Generate new key and save it

   1. Change phase 1 encryption to below and save

12. Disable that and create a new P2, set up like below, obviously changing the lan subnet to match

13. Go back to clav objects à general à key rings back into the PSK and change it to what Pfsense gave us, add it to the notes too.