Azure – Networking – Part 15 – Configure Azure Site-to-Site VPN Connection

Hello Friends,

!!! We Hope You All Had A Very Nice and Safe Diwali Vacation 🙂 !!!

Today in this article we will continue our discussion on use of Virtual Network Gateway. In our last article we have discussed on how to configure Azure VNet-To-VNet Connection. Today we will discuss about one more important connection Site-To-Site connection. So Let’s Start with basic concept and configuration details of Site-To-Site VPN connection.

If you have missed our previous articles on azure networking, please check it in following links.

Part 8 – PowerShell To Create An Application Gateway With URL-Based Routing Configuration- 2

Part 9 – Configure Custom Domain In Azure DNS

Part 10 – Issue when Configure DNS Records In Azure DNS

Part 11 – ExpressRoute

Part 12 – Azure VPN Network Gateway

Part 13 – Configure Azure Point-to-Site VPN

Part 14 – Configure Azure VNet-to-VNet Connection

Site-To-Site VPN Connection

  • Site-to-site connection is a type of VPN connection that is created between two separate locations.
  • Site-to-site connection provides the ability to connect geographically separate locations or networks, generally over the public Internet connection or a WAN connection.
  • The connection in a site-to-site VPN is generally enabled through a VPN gateway device.

Presentation :

To Configure a complete Site-to-Site VPN connection, we need to configure resources in both Azure and On-premise end. Few components required from On-Premise environment and few from Azure environment. We have all required resources from Azure environment but currently we don’t have complete resources from On-Premise environment. So it is not possible for for us to show a top-to-bottom configuration of a Site-To-Site VPN connection. I will configure everything required from Azure side and will provide references to complete VPN device (at on-Premise end) configuration for Site-to-Site VPN connection . let’s check what we have before start configuring the connection.

PREREQUISITES :

  • Resource Group : which will hold all our required resources.
  • Virtual Network ( VNet) : An Azure VNet is a representation of our own network in the cloud.
  • Virtual Machine : A VM to test connection from on-premise environment.
  • Virtual Network Gateway : Virtual Network Gateway helps to establish a connection between an Azure virtual network and our On-Premise network.
  • Local network gateway: It represents the hardware or software VPN device in our local network.
  • VPN device: A VPN device is needed on-premise to create the VPN connection with Azure.  Gateway
  • Static Public IP address: The VPN device should have external public IP address and it shouldn’t be NAT.

I have already created most of the above resources in advance. Following are the links, which will help you to create most of those resources.

Azure – Resource and Resource group

Azure — Virtual Network (VNet)

Azure — Subnet

Azure — VPN Network Gateway

Now we are missing one important resource from Azure side. So let’s create it.

Create Local Network Gateway :

  1. Login to Azure Portal and search Local Network Gateway in marketplace as shown in the following figure.
Figure 1: Azure Networking – Site-to-Site VPN_Local Network gateway

2. Create a new Local Network Gateway by clicking on +Add or Create New button. It will take us to create local network gateway page as shown in the following page.

3. Provide correct information of On-Premise VPN device as described below.

  • Name: Name for the local gateway
  • IP Address: Public IP address to represent your VPN device. It should not behind NAT
  • Address Space: This is ours on premises address ranges. we can add multiple ranges.
  • Resource Group: Create new resource group or use the same one you were using
Figure 2: Azure Networking – Site-to-Site VPN_Create Local Network gateway

4. After verifying all information click Create button to start creating the Local Area Network. We can see in the following figure, it has created our Local Network Gateway for our demo.

Figure 3: Azure Networking – Site-to-Site VPN_Created Local Network gateway

During Local Network Gateway creation, we have provided our On-Premise VPN device static IP and IP address range. Now we will configure Site-To-Site VPN Connection in Azure. But we will not be able to test the connection due to some restriction in our On-Premise environment.

Configure Site-To-Site VPN Connection :

Now we have all the required resources to create Site-to-Site VPN connection between our VPN device and the virtual network gateway. So let’s create the Site-to-Site VPN connection,

Start by Log in to azure portal and search for virtual network gateways and open our ready Virtual Network Gateway (MSTechs_VNet_GW) as shown in the following figure.

Figure 4: Azure Networking – Site-to-Site VPN_Virtual Network gateway

In the above figure, we can see Connections under Setting section. Go to Connections landing page and from there click +Add button to create a new connection as shown in the following figure.

Figure 5: Azure Networking – Site-to-Site VPN – creating New connection

In the wizard fill the relevant information and click ok as shown in the following figure.

Figure 6: Azure Networking – creating New Site-to-Site VPN connection

As in the above figure, we have configured our Site-to-Site connection with following information.

  • Name: Name of the connection, here it is “Azure-To-ManasOnPremise”.
  • Connection Type: Type of the VPN, here it must be set to Site-to-Site.
  • Virtual Network Gateway: Select the relevant virtual network gateway.
  • Local Network Gateway: Select the relevant local network gateway for your connection
  • Shared Key: This is the pre-shared key you going to use for the VPN configuration.
Figure 7: Azure Networking – created New Site-to-Site VPN connection

Once the connection is created as shown in the above figure, we can see the connection status as shown in the following figure.

Figure 8: Azure Networking – New Site-to-Site VPN connection overview

In the following figure, the status is still Connecting as it is trying to establish the connection with On-premise. It is because, we have one more step to go. We need to configure our On-premise VPN device to finalize our configuration. As I said earlier, we have some restriction to configure anything in our On-premise. So I am sharing following information to configure VPN device. The following information is from one of the Microsoft document.

Configure your VPN device (From Microsoft document) :

Site-to-Site connections to an on-premises network require a VPN device. In this step, you configure your VPN device. When configuring your VPN device, you need the following:

  • A shared key. This is the same shared key that you specify when creating your Site-to-Site VPN connection. In our examples, we use a basic shared key. We recommend that you generate a more complex key to use.
  • The Public IP address of your virtual network gateway. You can view the public IP address by using the Azure portal, PowerShell, or CLI. To find the Public IP address of your VPN gateway using the Azure portal, navigate to Virtual network gateways, then click the name of your gateway.

Download VPN device configuration scripts:

Depending on the VPN device that you have, you may be able to download a VPN device configuration script. For more information, see Download VPN device configuration scripts.

See the following links for additional configuration information:

I hope this article helps you to get basic information of configuring Site-to-Site connection.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles

Thanks for reading  🙂

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.