четверг, 15 февраля 2018 г.

azure stack, vpn asa config

! Azure Stack (as of 15.02.2018) supports only aes-gcm-256 for ESP encryption.
!
! Site-to-site (LAN-to-LAN) IKEv2 IPsec tunnel from this ASA to an Azure Stack
! gateway. <external>, <internal>, <external_gw> and <internal_gw> are
! placeholders that must be replaced with real addresses.

! Address space on each side of the tunnel.
object-group network Azure-Networks
 network-object <external>0.0 255.255.255.0
object-group network Onprem-Networks
 network-object <internal>20.0 255.255.255.0
! Permits every IP protocol from the remote gateway to <internal_gw>.
! NOTE(review): if <internal_gw> is a host behind the ASA, this opens all ports
! to it from the peer; narrow it to what is actually required - confirm.
access-list outside_access_in extended permit ip host <external_gw> host <internal_gw>
! Crypto ACL: on-prem -> Azure traffic that the crypto map below protects.
access-list Azure-VMNetworks-acl extended permit ip object-group Onprem-Networks object-group Azure-Networks


! Lower the TCP MSS so encapsulated segments are less likely to need fragmentation.
sysopt connection tcpmss 1350
sysopt connection preserve-vpn-flows
! ESP (phase 2) proposal. AES-GCM is an authenticated cipher, so it already
! provides integrity protection.
! NOTE(review): Cisco's guidance for a GCM proposal is "protocol esp integrity
! null"; the sha-1 setting is presumably not what protects the traffic here -
! confirm what was negotiated with "show crypto ipsec sa".
crypto ipsec ikev2 ipsec-proposal AES-256
 protocol esp encryption aes-gcm-256
 protocol esp integrity sha-1

! Crypto map entry 1: traffic selector, PFS group, peer, proposal, SA lifetime.
crypto map Azure-VMNetworks-map 1 match address Azure-VMNetworks-acl
! NOTE(review): DH group 24 is discouraged by RFC 8247 and is deprecated in
! newer ASA releases; check the release notes for the version in use and the
! groups the peer accepts. The group 14 alternative is kept below.
crypto map Azure-VMNetworks-map 1 set pfs group24
! or try to use group 14
!crypto map Azure-VMNetworks-map 1 set pfs group14
crypto map Azure-VMNetworks-map 1 set peer <external_gw>
crypto map Azure-VMNetworks-map 1 set ikev2 ipsec-proposal AES-256
crypto map Azure-VMNetworks-map 1 set security-association lifetime seconds 14400
crypto map Azure-VMNetworks-map interface outside

crypto isakmp identity address
! IKEv2 (phase 1) policy.
! NOTE(review): "group 2" is 1024-bit MODP Diffie-Hellman, the weakest element
! of this policy and well below the strength of AES-256/SHA-256. It is
! presumably here because the Azure Stack gateway of the time required it;
! confirm which groups the peer supports now and move to group 14 or an ECP
! group where both sides allow it.
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 2
 prf sha256
 lifetime seconds 28800
crypto ikev2 enable outside

! Pre-shared keys are masked on the page (*****). Use a long, randomly
! generated key and keep it out of shared copies of the configuration.
tunnel-group <external_gw> type ipsec-l2l
tunnel-group <external_gw> ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****

! This changes the default group policy, so it applies to every tunnel group
! that inherits from it, not only to the Azure Stack tunnel.
! NOTE(review): the tunnel above is configured for IKEv2 only; drop ikev1 from
! this list unless another tunnel on the device still needs it.
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2

azure stack, get usage report

# Page through the hourly usage aggregates reported between the two dates and
# print every page as a table. The first request is sent with an empty
# continuation token; paging stops once the service returns no token.
$continuationToken = ""

# Arguments that stay the same for every page.
$usageQuery = @{
    ReportedStartTime      = "01/01/2018"
    ReportedEndTime        = "02/02/2018"
    ShowDetails            = $true
    AggregationGranularity = "Hourly"
}

while ($true) {
    $usagePage = Get-UsageAggregates @usageQuery -ContinuationToken $continuationToken
    $usagePage.UsageAggregations | Format-Table

    # The token returned with this page selects the next one.
    $continuationToken = $usagePage.ContinuationToken
    if ($null -eq $continuationToken) {
        break
    }
}

azure, deploy vm from template

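# Sign in to an Azure Stack environment and deploy two VMs from one ARM
# template, each into its own resource group with its own parameter file.
$TenantName = "nvgastest.onmicrosoft.com"
Set-Location AzureStack-Tools-master

# NOTE(review): this loads and runs module code from a local copy of the tools
# repository. The folder name suggests an unpinned download of the master
# branch; confirm where it came from and prefer a reviewed, fixed revision.
Import-Module .\Connect\AzureStack.Connect.psm1

# For Azure Stack development kit, this value is set to https://adminmanagement.local.azurestack.external. To get this value for Azure Stack integrated systems, contact your service provider.
# NOTE(review): this is the administrator (operator) endpoint, so the session
# created below carries operator rights. Workload VMs are normally deployed
# through the tenant endpoint with a less privileged account; confirm that
# using the admin endpoint here is intended.
$ArmEndpoint = "https://adminmanagement.local.azurestack.external"

# For Azure Stack development kit, this value is adminvault.local.azurestack.external
# Not referenced again in this snippet.
$KeyvaultDnsSuffix = "adminvault.local.azurestack.external"

# Register an AzureRM environment that targets your Azure Stack instance
Add-AzureRMEnvironment `
    -Name "AzureStackAdmin" `
    -ArmEndpoint $ArmEndpoint

# Get the Active Directory tenantId that is used to deploy Azure Stack
$TenantID = Get-AzsDirectoryTenantId `
    -AADTenantName $TenantName `
    -EnvironmentName "AzureStackAdmin"

# Sign in to your environment
Login-AzureRmAccount `
    -EnvironmentName "AzureStackAdmin" `
    -TenantId $TenantID

# One resource group and one deployment per server; both use template.json.
# NOTE(review): if the parameter files hold the VM administrator password in
# clear text, keep them out of source control or reference a Key Vault secret
# instead; their content is not visible here.
foreach ($server in "azs-srv01", "azs-srv02") {
    $rg_Name = "${server}_rg"

    New-AzureRmResourceGroup -Name $rg_Name -Location "local"
    New-AzureRmResourceGroupDeployment -ResourceGroupName $rg_Name -TemplateFile "template.json" -TemplateParameterFile "parameters_${server}.json"
}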

среда, 14 февраля 2018 г.

azure stack, run script extension

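# Run a script stored in a storage container on an existing VM through the
# Custom Script Extension. One command is active; the others are kept as
# commented-out alternatives for the remaining scripts.
#
# The extension downloads the named file and executes it on the VM with the
# extension's privileges (LocalSystem on Windows VMs), so anyone who can write
# to the container can run code on the VM. Restrict write access to the
# container accordingly.
$groupName = "azs-srv07_rg"
$vmName = "azs-srv07"
$location = "local"

$storageAccount = "dtscripts"

# The storage account key grants full access to the account and must not be
# stored in the script. A key that has been pasted into a published script
# should be regenerated. It is read from the environment here;
# DT_SCRIPTS_STORAGE_KEY is a constructed name, use whatever your secret store
# provides (the key can also be fetched at run time with
# Get-AzureRmStorageAccountKey).
$key = $env:DT_SCRIPTS_STORAGE_KEY
if ([string]::IsNullOrEmpty($key)) {
    throw "Storage account key is not set; export DT_SCRIPTS_STORAGE_KEY before running."
}

# NOTE(review): spelling kept exactly as on the page; verify it against the
# real container name.
$container = "stcripts"

#Set-AzureRMVMCustomScriptExtension -ResourceGroupName $groupName -Location $location -VMName $vmName -StorageAccountName $storageAccount -StorageAccountKey $key -FileName "dt_join_domain.ps1" -ContainerName $container -Run "dt_join_domain.ps1" -Name "dt_join_domain"

#Set-AzureRMVMCustomScriptExtension -ResourceGroupName $groupName -Location $location -VMName $vmName -StorageAccountName $storageAccount -StorageAccountKey $key -FileName "dt_sync_time.ps1" -ContainerName $container -Run "dt_sync_time.ps1" -Name "dt_sync_time"

Set-AzureRMVMCustomScriptExtension -ResourceGroupName $groupName -Location $location -VMName $vmName -StorageAccountName $storageAccount -StorageAccountKey $key -FileName @("install_dt_8.1.1.885.2.ps1") -ContainerName $container -Run "install_dt_8.1.1.885.2.ps1" -Name "dt_install"

#Set-AzureRMVMCustomScriptExtension -ResourceGroupName $groupName -Location $location -VMName $vmName -StorageAccountName $storageAccount -StorageAccountKey $key -FileName "dt_create_job_fullServer.ps1" -ContainerName $container -Run "dt_create_job_fullServer.ps1" -Name "dt_create_job_fullServer"

#Set-AzureRMVMCustomScriptExtension -ResourceGroupName $groupName -Location $location -VMName $vmName -StorageAccountName $storageAccount -StorageAccountKey $key -FileName "dt_psh_start_failover.ps1" -ContainerName $container -Run "dt_psh_start_failover.ps1" -Name "dt_psh_start_failover"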