top of page

Azure Site-to-Site using VPN Gateway configuration

Azure Site-to-Site VPN configuration


This configuration will be helpful when you need to test an application deployed in a VM from Azure Cloud which connects to a VM located on-premises.

This configuration is done via a site-to-site VPN connection using a Virtual Network Gateway.

The configuration diagram and the steps needed to build it are displayed below:


Configuration steps:

  1. Create a VNet that will store your Azure VM and the Virtual Network Gateway.

1.1 Create a VNet and give it a name inside your resource group.

1.2 On the IP addresses tab, create an address space: 10.0.0.0/16

1.3 Add a subnet: 10.1.0.0/24 and named it: FrontEnd. This subnet will be used to store the VM from Azure.



The private IP address for the VM is: 10.1.0.4

Create a VM machine in the Azure Cloud and make sure it is using the subnet from above:


I have configured the VM to allow RDP connections over port 3389 and ICMP connections required for pinging (or you can disable the Windows firewall):


2. Create the gateway subnet

2.1 Open the virtual network created before and create a subnet to be used for the Gateway: 10.1.1.0/24


3. Create the Virtual Network Gateway

3.1. Create a virtual network gateway named: VNet1GW with the following settings:


3.2 Give the name for the public ip address as shown below:



3.3 It will take around 45 mins to 1 hr for the deployment to complete.

3.4 Open the virtual network gateway and notice the Public IP address and the virtual network subnet used, see below:



4. Create the Local Network Gateway

4.1.Use the following site to get the external ip address of your machine:

4.2 Set the ip address for the Local Network Gateway

4.3 Specify the address space for your local network, see below:



5, Create the Routing and Remote Access VPN on the VM server from on-premises

5.1.Create a virtual machine on your local computer.

5.2.Use a Windows Server iso image from Microsoft (I have used 2019).

5.3.Use a client tool to create the VM (I have used Oracle Virtual Box).



5.4 Add the following server role, Remote Access, see below:


5.5 Configure Routing and Remote Access, see below:







Right-click on Network Interfaces and create a new Demand-dial interface, see below:



Add a name for the interface: Azure S2S



Use the IP address of the Virtual Network Gateway next, see below:


Next screen keep it as default.

Add a static route of the subnet that contains our virtual machine in the Cloud, see below:

The address I have used is: 10.1.0.0 as opposed with the value in the screen from below:


Next window, keep default.

Finish.

Right-click on the Azure S2S network interface and click Properties, see below:


On the next dialog, create a preshared key (I have used: abc1234) that will be used as well by the Site-to-Site VPN connection in Azure:


6. Create a site-to-site connection

6.1.Open Connections in Azure Portal and create a new connection named: VNet1toSite1, see below:



6.2. Use Site-to-site for the connection type selection.

6.3 .Choose the virtual network gateway and the local network gateway and the pre-shared key as used before (abc1234)

6.4. Use IKEv2 protocol

6.5. The other configurations are as described below:



7. Test the configuration

In the Azure S2S network interface, in the VM from on-premises, right-click and click on "Connect".



Once the state it is connected, you can verify the state in Azure Portal as well, see below:



You can ping now the VM located on premise from the Azure VM (opened with RDP) , see below:


And the opposite, the VM located in Azure VM from the on-premises VM (opened with the Virtuall Box), see below:


References:

20 views0 comments

Recent Posts

See All

Comments


bottom of page