If your gateway was tested by Microsoft, you can find links to the configuration guides in the VPN devices documentation. Typically, you have to setup IKE and IPsec with the given pre-shared key for authentication. Note that only Diffie-Hellman group 2 (MODP 1024) is possible. For policy based VPNs, we recommend to use AES256 and SHA256 for IKE encryption and hashing; for route based VPNs, you should use AES-GCM256. With static routing, you also need to announce the virtual network’s subnet that should have access to the HSM(s).