Resource Manager
Introduction
Site-to-site Virtual Private Network (VPN) is used to establish connections between different locations of
companies, amongst others. This way the different locations can exchange data with each other through a
secure connection. In Azure, Site-to-Site VPN is used to establish connections between the Azure tenant and
the on-premises environment. Making use of the Site-to-Site VPN connection it is possible to create one large
network. This is called a hybrid environment.
Before creating a site-to-site VPN, make sure that the VPN endpoint device supports a connection with
Azure and that a public IPv4 address is available. To check whether the VPN device is supported, see the
following website: https://azure.microsoft.com/nl-nl/documentation/articles/vpn-gateway-about-vpn-devices/
This blogpost focuses on the Azure Resource Manager portal and contains six steps that should be performed in
sequence. Please note that the configuration of the VPN endpoint device located on-premises is not
discussed in this blogpost. The following six steps create a Site-to-Site VPN in Azure.
Step 1. Create a resource group
To create a resource group, log in to the Azure portal at https://portal.azure.com. The Resource
groups icon is accessible on the left side of the portal (Figure 1).
Figure 1. Azure resource groups.
If Resource groups is not shown, click on Browse, search for resource groups and mark them
as favorite. From this moment on they will appear in the list.
In this example the goal is to create a VPN connection in Azure. First a resource group for the Virtual
Network should be created. To do so, click on Resource groups, select Add, fill out the required fields
and select Create (Figure 2).
Figure 2. Create Resource Group ARM.
Step 2. Create a virtual network
In the Azure portal select Virtual networks. Once again, if the item is not shown, click on Browse, search
for virtual networks and mark them as favorite.
Create a virtual network by clicking Add. Fill out the required fields and click on Create (Figure 3).
Figure 3. Create a virtual network.
If desired, it is possible to add multiple subnets, for example one for the front-end servers and one for the back-end servers.
Step 3. Create a virtual network gateway
In the Azure portal select Virtual network gateways and click Add. Fill out the required fields and click
on Create (Figure 4).
*Provisioning a virtual network gateway can take up to 45 minutes.
Fill out the following information, shown in detail in Figure 4:
Virtual network: Select the virtual network that was created in step 2.
Public IP address: Select an Azure public IP address.
Gateway type: Select VPN.
VPN type: Select Route-based.
Route-based (dynamic routing) supports multiple VPN connections and uses IKEv2.
Policy-based (static routing) supports a single VPN connection and works with IKEv1.
*When a virtual network gateway is re-created it will come with a new public IP address from Microsoft. Keep in
mind to change the (old) IP address in the VPN endpoint device that is used on-premises.
Figure 4. Create virtual network gateway.
Step 4. Create a local network gateway
In the Azure portal select Local network gateways and click Add. Next, fill out the required fields and
click on Create (Figure 5).
IP address: This must be the IP address of the VPN endpoint device located on-premises.
Address space: All the address spaces that are being used on-premises.
*The address space used on-premises must not overlap at all with the address space in Azure!
Figure 5. Create local network gateway.
When creating multiple VPN connections, for example to different locations and/or companies, this step
should be performed for each connection.
Step 5. Add the connection
Virtual network gateway: Select the virtual network gateway that was created in step 3.
Local network gateway: This option cannot be changed. The VPN connection must be added to the local
network gateway that was created in step 4.
Shared key (PSK): This pre-shared key is used to set up the encrypted connection. Type in a random mix of
letters and numbers (do not use special characters in the key). Make sure that exactly the same key is used in
the configuration of the VPN connection on-premises.
Figure 6. Add Connection configuration.
Step 6. Verify the connection
Go to Local network gateways and click on the local network gateway. Its settings will be
visible; click on Connections and select the connection. The information displayed here shows the
current connection status and data traffic, see Figure 7 for details. It is also possible to see the connection
properties of the VPN connection, as presented in Figure 8.
To open the VPN connections directly, click on Browse in the Azure Portal, search for connections and
mark them as favorite.
Figure 7. VPN Connection details.
Figure 8. Properties of the configured VPN connection.
If all steps above have been executed as described, a working VPN connection between the on-premises environment
and the Azure environment has been established.
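As an added example (not part of the original post), a small Python pre-flight check for the values entered in steps 4 and 5: it flags an on-premises VPN device address that is not a public IPv4 address, any overlap between the Azure and on-premises address spaces, and a shared key containing anything other than letters and digits. The key-length bound, the list of non-public ranges and the sample prefixes are this example's own assumptions.

```python
import ipaddress
import re
import secrets
import string

# Never a public address for the on-premises VPN device: RFC 1918, CGNAT, loopback,
# link-local. Documentation ranges (203.0.113.0/24) are left out so the sample can pass.
NON_PUBLIC_V4 = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
# Page rule: letters and digits only; the 16-128 length bound is this example's assumption.
PSK_PATTERN = re.compile(r"[A-Za-z0-9]{16,128}")

def check_vpn_device_ip(ip):
    """Step 4 'IP address' field: must be a public IPv4 address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ["%r is not a valid IP address" % ip]
    if addr.version != 4 or any(addr in net for net in NON_PUBLIC_V4):
        return ["%s is not a public IPv4 address" % ip]
    return []

def find_overlaps(azure_prefixes, onprem_prefixes):
    """Step 4 'Address space': every overlapping (Azure, on-premises) pair; must be empty."""
    azure = [ipaddress.ip_network(p) for p in azure_prefixes]
    onprem = [ipaddress.ip_network(p) for p in onprem_prefixes]
    return [(str(a), str(o)) for a in azure for o in onprem if a.overlaps(o)]

def check_shared_key(psk):
    """Step 5 'Shared key (PSK)': a random mix of letters and numbers, nothing else."""
    if PSK_PATTERN.fullmatch(psk):
        return []
    return ["shared key must be 16-128 letters/digits, no special characters"]

def generate_shared_key(length=32):
    """A CSPRNG-generated PSK that satisfies check_shared_key, for both ends."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def preflight(azure_prefixes, onprem_prefixes, device_ip, psk):
    """All problems found; an empty list means the values are safe to enter in the portal."""
    problems = check_vpn_device_ip(device_ip)
    problems += ["address space overlap: Azure %s vs on-premises %s" % pair
                 for pair in find_overlaps(azure_prefixes, onprem_prefixes)]
    return problems + check_shared_key(psk)

if __name__ == "__main__":  # constructed sample values, not from any real tenant
    print(preflight(["10.1.0.0/16"], ["10.1.5.0/24", "192.168.0.0/24"], "192.168.0.1", "bad key!"))
    print(preflight(["10.1.0.0/16"], ["192.168.0.0/24"], "203.0.113.10", generate_shared_key()))  # []
```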