Azure Site-to-Site VPN configuration
This configuration is useful when you need to test an application deployed on an Azure VM that connects to a VM located on-premises.
The two sites are joined with a site-to-site VPN connection terminated on an Azure Virtual Network Gateway.
The configuration diagram and the steps needed to build it are shown below:
Configuration steps:
1. Create a VNet that will hold your Azure VM and the Virtual Network Gateway.
1.1 Create a VNet and give it a name inside your resource group.
1.2 On the IP addresses tab, create an address space: 10.0.0.0/16
1.3 Add a subnet, 10.1.0.0/24, and name it FrontEnd. This subnet will host the Azure VM.
The private IP address of the VM is: 10.1.0.4
Create a VM in Azure and make sure it uses the subnet from above:
I have configured the VM to allow RDP connections over port 3389 and ICMP connections required for pinging (or you can disable the Windows firewall):
2. Create the gateway subnet
2.1 Open the virtual network created before and create a subnet to be used for the Gateway: 10.1.1.0/24
3. Create the Virtual Network Gateway
3.1 Create a virtual network gateway named VNet1GW with the following settings:
3.2 Give a name for the public IP address as shown below:
3.3 It will take around 45 minutes to 1 hour for the deployment to complete.
3.4 Open the virtual network gateway and note the public IP address and the virtual network subnet used, see below:
4. Create the Local Network Gateway
4.1 Use the following site to get the external IP address of your machine:
4.2 Set the IP address for the Local Network Gateway:
4.3 Specify the address space for your local network, see below:
5. Create the Routing and Remote Access VPN on the on-premises VM server
5.1 Create a virtual machine on your local computer.
5.2 Use a Windows Server ISO image from Microsoft (I have used 2019).
5.3 Use a client tool to create the VM (I have used Oracle VirtualBox).
5.4 Add the following server role, Remote Access, see below:
5.5 Configure Routing and Remote Access, see below:
Right-click on Network Interfaces and create a new Demand-dial interface, see below:
Add a name for the interface: Azure S2S
Use the IP address of the Virtual Network Gateway next, see below:
On the next screen, keep the defaults.
Add a static route for the subnet that contains our virtual machine in the cloud, see below:
The address I have used is 10.1.0.0, as opposed to the value in the screen below:
In the next window, keep the defaults.
Finish.
Right-click on the Azure S2S network interface and click Properties, see below:
In the next dialog, create a pre-shared key (I have used: abc1234) that will also be used by the Site-to-Site VPN connection in Azure:
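The same on-premises configuration as step 5, done from PowerShell instead of the Routing and Remote Access wizard. This is an added example and not part of the original post; it runs in an elevated session on the on-premises Windows Server 2019 VM, the gateway IP address is a placeholder from the documentation range, and the pre-shared key is read at the prompt so it never sits in the script.

```powershell
# Added example (not from the original post): RRAS site-to-site setup on the on-premises VM.
# Step 5.4: install the Remote Access role with the VPN and routing services.
Install-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools | Out-Null

# Step 5.5: enable RRAS in site-to-site mode (what "Configure Routing and Remote Access" does).
Import-Module RemoteAccess
Install-RemoteAccess -VpnType VpnS2S

# Demand-dial interface "Azure S2S": dial the VNet1GW public IP with IKEv2 and PSK authentication,
# and add the static route to the Azure FrontEnd subnet (10.1.0.0/24, metric 100) in the same call.
$vngPublicIp = "198.51.100.20"   # placeholder: replace with the VNet1GW public IP shown in the Azure portal
$psk = Read-Host -Prompt "Pre-shared key configured on the Azure connection VNet1toSite1"
Add-VpnS2SInterface -Name "Azure S2S" -Destination $vngPublicIp `
    -Protocol IKEv2 -AuthenticationMethod PSKOnly -ResponderAuthenticationMethod PSKOnly `
    -SharedSecret $psk -IPv4Subnet @("10.1.0.0/24:100") -NumberOfTries 3

# Offer the strongest IPsec proposals RRAS has, do not request a config payload from the peer
# (Azure does not assign addresses to the RRAS side), enable the interface and dial it.
Set-VpnServerIPsecConfiguration -EncryptionType MaximumEncryption
Set-VpnS2SInterface -Name "Azure S2S" -InitiateConfigPayload $false -Force
Set-VpnS2SInterface -Name "Azure S2S" -AdminStatus $true
Connect-VpnS2SInterface -Name "Azure S2S"

# Step 7 from this side: check the tunnel state, then reach the Azure VM through it.
# Test-NetConnection on TCP 3389 works even when ICMP is blocked; ping additionally needs an
# inbound ICMPv4 allow rule on the Azure VM's Windows firewall.
(Get-VpnS2SInterface -Name "Azure S2S").ConnectionState   # expected: Connected
Test-NetConnection -ComputerName 10.1.0.4 -Port 3389
```

The Add-VpnS2SInterface call replaces the whole Demand-dial wizard (interface name, destination, protocol, authentication and the static route), and Connect-VpnS2SInterface is the "Connect" action from step 7. If ConnectionState stays at Disconnected, the usual causes are a pre-shared key that differs from the one on the Azure connection, or the on-premises public IP in the Local Network Gateway not matching the address RRAS actually egresses from.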
6. Create a site-to-site connection
6.1 Open Connections in the Azure Portal and create a new connection named VNet1toSite1, see below:
6.2 Use Site-to-site as the connection type.
6.3 Choose the virtual network gateway, the local network gateway and the pre-shared key used before (abc1234).
6.4 Use the IKEv2 protocol.
6.5 The other settings are as shown below:
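The Azure side of steps 1 to 4 and 6, scripted with the Az PowerShell module. This is an added example and not the original post's own procedure: the resource group name, location and VM name are assumptions, the on-premises public IP and address space are placeholders, and the address space is 10.1.0.0/16 here because both subnets used on this page (10.1.0.0/24 and 10.1.1.0/24) lie outside the 10.0.0.0/16 listed in step 1.2. Instead of a short memorable key, it generates a random pre-shared key that you then type into the RRAS demand-dial interface.

```powershell
# Added example (not from the original post): Azure side of steps 1-4 and 6 with the Az module.
# Prerequisites: Install-Module Az; Connect-AzAccount. Names below are assumptions.
$rg  = "rg-s2s-lab"
$loc = "westeurope"
New-AzResourceGroup -Name $rg -Location $loc -Force | Out-Null

# Steps 1 and 2: VNet "VNet1" with the FrontEnd subnet for the VM and the gateway subnet.
# Azure requires the gateway subnet to be named exactly "GatewaySubnet".
$frontEnd = New-AzVirtualNetworkSubnetConfig -Name "FrontEnd"      -AddressPrefix "10.1.0.0/24"
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix "10.1.1.0/24"
$vnet = New-AzVirtualNetwork -Name "VNet1" -ResourceGroupName $rg -Location $loc `
            -AddressPrefix "10.1.0.0/16" -Subnet $frontEnd, $gwSubnet

# Azure VM in the FrontEnd subnet (the first usable host address is 10.1.0.4, as on the page).
# Only TCP 3389 is opened; tighten the NSG source range to your own public IP afterwards.
$cred = Get-Credential -Message "Local administrator for the Azure VM"
New-AzVM -ResourceGroupName $rg -Name "AzureVM1" -Location $loc -Credential $cred `
         -VirtualNetworkName "VNet1" -SubnetName "FrontEnd" -Image "Win2019Datacenter" `
         -OpenPorts 3389 | Out-Null

# Step 3: public IP and the route-based VPN gateway "VNet1GW" (route-based is needed for IKEv2 S2S).
# This is the long step; the post reports 45 minutes to 1 hour.
$gwPip = New-AzPublicIpAddress -Name "VNet1GW-pip" -ResourceGroupName $rg -Location $loc `
             -AllocationMethod Static -Sku Standard
$gwSubnetRef = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$gwIpConfig  = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconfig1" `
                   -SubnetId $gwSubnetRef.Id -PublicIpAddressId $gwPip.Id
$vng = New-AzVirtualNetworkGateway -Name "VNet1GW" -ResourceGroupName $rg -Location $loc `
           -IpConfigurations $gwIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1
$vngIp = (Get-AzPublicIpAddress -Name "VNet1GW-pip" -ResourceGroupName $rg).IpAddress
Write-Host "VNet1GW public IP (destination for the RRAS demand-dial interface): $vngIp"

# Step 4: local network gateway = your on-premises public IP plus the on-premises address space.
# Both values are placeholders (documentation / private ranges); replace them with your own.
$onPremPublicIp = "203.0.113.10"
$onPremPrefix   = "192.168.56.0/24"
$lng = New-AzLocalNetworkGateway -Name "Site1" -ResourceGroupName $rg -Location $loc `
           -GatewayIpAddress $onPremPublicIp -AddressPrefix $onPremPrefix

# Step 6: IKEv2 site-to-site connection "VNet1toSite1" with a randomly generated pre-shared key.
function New-StrongPsk {
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)   # 44 printable ASCII characters, within Azure's 1-128 limit
}
$psk = New-StrongPsk
New-AzVirtualNetworkGatewayConnection -Name "VNet1toSite1" -ResourceGroupName $rg -Location $loc `
    -VirtualNetworkGateway1 $vng -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -ConnectionProtocol IKEv2 -SharedKey $psk | Out-Null
Write-Host "Pre-shared key to enter in the RRAS interface properties: $psk"

# Step 7 (Azure side): the status changes from NotConnected to Connected once RRAS dials in.
(Get-AzVirtualNetworkGatewayConnection -Name "VNet1toSite1" -ResourceGroupName $rg).ConnectionStatus
```

The ConnectionStatus check at the end is the scripted form of the portal view in step 7. A key that differs between the Azure connection and the RRAS interface, or a GatewayIpAddress on the Local Network Gateway that is not the address the on-premises side actually egresses from, are the two values to compare first when the status stays NotConnected.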
7. Test the configuration
On the on-premises VM, right-click the Azure S2S network interface and click "Connect".
Once the state is Connected, you can verify the state in the Azure Portal as well, see below:
You can now ping the on-premises VM from the Azure VM (opened over RDP), see below:
And the other way round, ping the Azure VM from the on-premises VM (opened in VirtualBox), see below: