Azure Site to Site VPN Connection [100% Working]



Author: Sahil Hulage
Reviewer: Deepak Prasad

Overview

An Azure Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network. Data is transferred over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. Azure VPN gateways provide cross-premises connectivity between customer premises and Azure.

This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. This article shows the steps, using the Azure portal, to create a Site-to-Site VPN gateway connection from your on-premises network to the VNet.


Prerequisite for Site-to-Site VPN

  • Virtual Network
  • Virtual Network Gateway
  • Local Network Gateway
  • Compatible VPN Device On-Premises with Public IP


Brief steps to create Azure Site to Site VPN

Deploying a site-to-site VPN from the Azure side involves the following steps:

  • Creating/editing a virtual network
  • Verifying or adding virtual subnets to the virtual network
  • Creating the gateway subnet
  • Creating the virtual network gateway
  • Creating a local network gateway
  • Integrating with your VPN device
  • Creating the site-to-site VPN tunnel
  • Verifying the connections in both directions

Although this might feel like a lot of different and complex steps, it shouldn't take more than 20 minutes, of which about 15 minutes is waiting for the VPN gateway to be deployed and the connections to be set up.


Step-1: Create Virtual Network

Go to the Azure Portal, click on Create a resource and search for Virtual Network. You will find Virtual Network in the Azure Marketplace, as shown in the image below.


Click on the Create button and you will get the creation wizard. The values are self-explanatory, and you can fill them in as per your requirements, as shown in the image below.


Next, we need to assign an IP range (address space) for our Virtual Network.


Next click on Review + create.


Now we have successfully created a Virtual Network in Azure.

 

Step-2: Create Gateway Subnet

Let's create the gateway subnet for our Virtual Network Gateway. Go to the Virtual Network and click on Subnets.


Click on + Gateway Subnet and you will see the option as shown above. Add your desired IP range and save it.

 

Step-3: Create Virtual Network Gateway

Log in to the portal and search for Virtual Network Gateway.


Click on Create to create the Virtual Network Gateway. On the next screen, you will have to provide the following information:

  • Subscription: Select your organization's subscription (a subscription is a logical ID assigned under your tenant).
  • Resource Group: Select the resource group where you want to deploy this service (a resource group is a logical grouping of your resources).
  • Name: A name for your Virtual Network Gateway.
  • Region: The geographical location of the datacenter where the gateway is deployed. For testing purposes, you can choose the East US region, as it is cheaper than the others.


  • Gateway Type: VPN, as we are using it for a VPN connection.
  • VPN Type: Choose Route Based VPN.
  • SKU: For testing purposes select the Basic SKU (Stock Keeping Unit); otherwise choose the SKU as per your requirements. Note: the Basic SKU only supports Windows machines for P2S.
  • Generation: Select Generation 2, the latest.
  • Virtual Network: The Azure network which you want to connect with the on-premises network.
  • Public IP address name: A name for the gateway's public IP. With the Basic SKU we are using a Basic public IP address.


You can configure Active-Active mode as per your requirement, and you can go one step further if you want to configure it using the BGP protocol.


Now, review and click on Create button.


Step-4: Create Local Network Gateway and Connection

Now that we have successfully deployed the Azure network and the Virtual Network Gateway, we can go ahead and configure the Azure Site-to-Site VPN.


Let's configure Azure Connections to establish Site-to-Site VPN connectivity. Go to the Connections pane and click on the Add option to configure it.


Once you click on Add you will get the wizard below; here we must select a few options, as shown in the image below:

  • Name: The name of your connection, e.g. US-Office-Connection.
  • Connection Type: It must be Site-to-Site (IPsec).
  • Virtual Network Gateway: The Virtual Network Gateway created recently; it will be picked up automatically.
  • Local Network Gateway: It holds your on-premises VPN configuration details.
  • Shared Key (PSK): It acts as a passphrase, and you will need the same value to configure the on-premises device.
  • IKE Protocol: We should first confirm whether the on-premises VPN device or firewall supports IKEv1 or IKEv2.


Now let's create the Local Network Gateway. This represents "the glue" between Azure and your on-premises network. If you don't have a Local Network Gateway, click on the Choose Local Network Gateway option.


You will get an option to Create New. Click on it and you will get the wizard shown in the image below.

Here you can configure the name of the Local Network Gateway. Give the public IP address of your firewall or VPN device and the IP range of the on-premises network which you want to communicate with the Azure network. After filling in all the necessary details, click on OK and go back to the connection configuration page.


Then Azure will create the Local Network Gateway and the connection in the back end.


You should see the following in your VPN Connections pane.


Step-5: Access Azure Site to Site VPN

Now, go back to the Overview and download the configuration file for the on-prem device.

Here you can see multiple values, like Data In and Data Out, which are self-explanatory: they show how much data has been transferred between your on-premises and Azure networks.


Now we need to share these details with our on-premises IT team to allow our Azure VPN to talk to the corporate office firewall/VPN device. You can select the type of device vendor; if your device is not listed, you can use the generic one.


Once you click on Download Configuration, you will get a text file that contains the IP address of the Azure VPN gateway and the shared key which we configured in the Connection.


After opening that text file, you will see multiple entries. Don't get scared!

You just need three things to connect your on-prem firewall with the Azure VPN: the public IP of the Azure VPN gateway, the shared key, and the IP range that we allowed in the Local Network Gateway.


Once you see the status is Connected, you can check connectivity from your on-premises network to the Azure network.
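The portal steps 1 to 5 above as a single Az PowerShell script; this is an added example and not part of the original article. It creates the VNet with its GatewaySubnet, a Basic route-based VPN gateway, the local network gateway and the IPsec connection, then prints what the on-prem team needs and the connection status. All resource names, address ranges and the device IP 203.0.113.10 are assumed sample values, and the script assumes the Az module is installed and Connect-AzAccount has already been run.

```powershell
# Added example (not from the original article). Assumptions: Az module installed,
# Connect-AzAccount already done; every name, address range and the on-prem device
# IP 203.0.113.10 (a documentation address) is a sample value to replace.
$rg  = "rg-s2s-demo"
$loc = "eastus"
New-AzResourceGroup -Name $rg -Location $loc

# Step 1 + 2: virtual network with a workload subnet and the mandatory gateway subnet.
# The gateway subnet must be named exactly "GatewaySubnet"; a /27 leaves room to grow.
$gwSubnet  = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix "10.10.255.0/27"
$appSubnet = New-AzVirtualNetworkSubnetConfig -Name "default"       -AddressPrefix "10.10.1.0/24"
$vnet = New-AzVirtualNetwork -Name "vnet-hub" -ResourceGroupName $rg -Location $loc `
        -AddressPrefix "10.10.0.0/16" -Subnet $gwSubnet, $appSubnet

# Step 3: public IP and the virtual network gateway (VPN, route-based, Basic SKU as in
# the article). Basic SKU pairs with a Basic dynamic public IP; this call takes a while.
$pip = New-AzPublicIpAddress -Name "pip-vpngw" -ResourceGroupName $rg -Location $loc -AllocationMethod Dynamic
$gwSubnetRef = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$ipConf = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconfig" -SubnetId $gwSubnetRef.Id -PublicIpAddressId $pip.Id
$gw = New-AzVirtualNetworkGateway -Name "vpngw-hub" -ResourceGroupName $rg -Location $loc `
        -IpConfigurations $ipConf -GatewayType Vpn -VpnType RouteBased -GatewaySku Basic

# Step 4a: local network gateway = the on-prem VPN device's public IP plus the LAN ranges
# behind it. These ranges must not overlap the VNet address space or routing breaks.
$lng = New-AzLocalNetworkGateway -Name "lng-us-office" -ResourceGroupName $rg -Location $loc `
        -GatewayIpAddress "203.0.113.10" -AddressPrefix @("192.168.0.0/16")

# Step 4b: the connection. The shared key comes from a CSPRNG rather than a human passphrase;
# both ends must hold the identical value, so pass it to the on-prem team over a secure channel.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = ($bytes | ForEach-Object { $_.ToString("x2") }) -join ""
New-AzVirtualNetworkGatewayConnection -Name "US-Office-Connection" -ResourceGroupName $rg -Location $loc `
        -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng -ConnectionType IPsec -SharedKey $psk

# Step 5: the three values the on-prem firewall needs, then the tunnel state
# (expect "Connected" once the on-prem side is configured with the same PSK).
$gwPublicIp = (Get-AzPublicIpAddress -Name "pip-vpngw" -ResourceGroupName $rg).IpAddress
"Azure VPN public IP : $gwPublicIp"
"Azure VNet range    : $($vnet.AddressSpace.AddressPrefixes -join ', ')"
"Shared key          : $psk"
(Get-AzVirtualNetworkGatewayConnection -Name "US-Office-Connection" -ResourceGroupName $rg).ConnectionStatus
```

The dynamic public IP is only assigned once the gateway exists, which is why it is read back after New-AzVirtualNetworkGateway returns.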


Summary

In this tutorial we learned about VPN configuration on Azure to achieve hybrid network connectivity between your on-premises and cloud networks. Site-to-Site connections can be used to create a hybrid solution, or whenever you want secure connections between your on-premises networks and your virtual networks. A VPN device is required to configure a Site-to-Site (S2S) cross-premises VPN connection using a VPN gateway.


What's Next

Configure Azure Point To Site VPN Connection


Sahil Hulage

He possesses over 5+ years of experience as a Cloud Consultant, specializing in Azure DevOps and CloudLinux. With his expertise, he implements and optimizes cloud solutions, ensuring seamless operations and efficient resource management. You can connect with him on his LinkedIn profile.
