{"id":4601,"date":"2023-01-31T11:59:28","date_gmt":"2023-01-31T19:59:28","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4601"},"modified":"2023-01-31T11:59:31","modified_gmt":"2023-01-31T19:59:31","slug":"how-to-configure-site-to-site-vpn-gateway-connection-between-azure-and-on-premises-network","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4601","title":{"rendered":"How To Configure Site-to-Site VPN Gateway Connection Between Azure and On-premises Network"},"content":{"rendered":"\n

When you are in hybrid cloud setup with azure, using site-to-site VPN gateway you can have better continuity for your workloads. in this post, I am going to demonstrate how to set up site-to-site VPN Gateway.<\/p>\n\n\n\n

Requirements <\/strong><\/p>\n\n\n\n

Before start make sure you have following in place. <\/p>\n\n\n\n

1) VPN device<\/strong> \u2013 you need to have VPN device in on-premises to create the VPN connection with azure. the supported list of devices can found on here<\/a>. Also, you need to have the relevant knowledge to configure it on your device. I am not going to cover it in details here as settings are different based on the vendor. <\/p>\n\n\n\n

2) Static Public IP address<\/strong> \u2013 your VPN device should have external public IP address and it shouldn\u2019t be NAT. <\/p>\n\n\n\n

3) Valid Azure Subscription<\/strong> \u2013 Of because you need active Azure subscription. It can be paid or free trial. <\/p>\n\n\n\n

Create Virtual Network <\/strong><\/p>\n\n\n\n

If you already have virtual network setup in your azure subscription, you will not need to do this step but make sure the settings are correct. <\/p>\n\n\n\n

1) Log in to the azure portal.<\/p>\n\n\n\n

2) Go to New > Networking > Virtual Network <\/strong><\/p>\n\n\n\n

\"vpn1\"<\/a><\/figure>\n\n\n\n

3) Then click on create <\/strong><\/p>\n\n\n\n

\"vpn2\"<\/a><\/figure>\n\n\n\n

4) In next page, it will open up the wizard with the VNet information. In their fill the information to match with your configuration.<\/p>\n\n\n\n

\"vpn3\"<\/a><\/figure>\n\n\n\n

Name<\/strong> \u2013 Name for the VNet<\/p>\n\n\n\n

Address Space <\/strong>\u2013 IP range for the VNet. If you have multiple Address ranges, it can add later. <\/p>\n\n\n\n

Subnet name<\/strong> \u2013 Name for the subnet you like to add <\/p>\n\n\n\n

Subnet Address range <\/strong>\u2013 Subnet IP range (it must be within the Address Space listed before)<\/p>\n\n\n\n

Resource Group<\/strong> \u2013 Can create new group or select existing group<\/p>\n\n\n\n

Location <\/strong>\u2013 location of the VNet<\/p>\n\n\n\n

After that click on create<\/strong> continue.<\/p>\n\n\n\n

5) Once VNet created, can modify the address ranges and subnets.<\/p>\n\n\n\n

\"vpn4\"<\/a><\/figure>\n\n\n\n

Create Gateway Subnet <\/strong><\/p>\n\n\n\n

Next step is to create gateway subnet for the VNet. It is recommended to use \/28 or \/27 for gateway subnet. This need to be done before connecting VNet to the gateway. <\/p>\n\n\n\n

1) Log in to the Azure Portal<\/p>\n\n\n\n

2) Then go to More Services > Virtual Networks <\/strong><\/p>\n\n\n\n

\"vpn5\"<\/a><\/figure>\n\n\n\n

3) Then click on the VNet<\/strong>, created on previous step and click on subnets<\/strong>. Then click on gateway subnet <\/strong><\/p>\n\n\n\n

\"vpn6\"<\/a><\/figure>\n\n\n\n

4) In the next window define the subnet for the gateway and click OK<\/strong><\/p>\n\n\n\n

\"vpn7\"<\/a><\/figure>\n\n\n\n
\"vpn8\"<\/a><\/figure>\n\n\n\n

Create Virtual Network Gateway<\/strong><\/p>\n\n\n\n

Next step is to create virtual network gateway. <\/p>\n\n\n\n

1) Log in to azure portal <\/p>\n\n\n\n

2) Go to New > Networking > Virtual Network Gateway <\/strong><\/p>\n\n\n\n

\"vpn9\"<\/a><\/figure>\n\n\n\n

3) In next window fill the relevant information and click on Create<\/strong><\/p>\n\n\n\n

\"vpn10\"<\/a><\/figure>\n\n\n\n

Name<\/strong> \u2013 Name for the virtual network gateway<\/p>\n\n\n\n

Gateway Type<\/strong> \u2013 For our VPN it will be VPN <\/p>\n\n\n\n

VPN Type<\/strong> \u2013 Type of the VPN and regular VPN will be route-based<\/p>\n\n\n\n

SKU <\/strong>\u2013 SKU for the VPN type<\/p>\n\n\n\n

Virtual Network <\/strong>\u2013 in here select the VNet you have created following previous step<\/p>\n\n\n\n

Public IP Address<\/strong> \u2013 VPN need to have public IP address. Select public IP from here or if you don\u2019t have, once you click on the option it will allow you to add new one. <\/p>\n\n\n\n

Location<\/strong> \u2013 make sure you select the correct region to match with VNet region. <\/p>\n\n\n\n

4) It can take up to 45 minutes to complete the task. Once it\u2019s done can see the public IP address details. You need this to configure the VPN device in yours on premises device. <\/p>\n\n\n\n

\"vpn11\"<\/a><\/figure>\n\n\n\n

Create Local Network Gateway<\/strong><\/p>\n\n\n\n

The next step is to create local gateway which represent your local network. To create it,<\/p>\n\n\n\n

1) Log in to azure portal<\/p>\n\n\n\n

2) Go to New > Networking > Local network gateway<\/strong><\/p>\n\n\n\n

\"vpn12\"<\/a><\/figure>\n\n\n\n

3) Then it will open new wizard and fill the relevant information. After that click on create<\/strong> to proceed<\/p>\n\n\n\n

\"vpn13\"<\/a><\/figure>\n\n\n\n

Name<\/strong> \u2013 Name for the local gateway <\/p>\n\n\n\n

IP Address<\/strong> \u2013 Public IP address to represent your VPN device. It should not behind NAT. <\/p>\n\n\n\n

Address Space<\/strong> \u2013 This is yours on premises address ranges. You can add multiple ranges.<\/p>\n\n\n\n

Resource Group<\/strong> \u2013 you can create new resource group or use the same one you were using. <\/p>\n\n\n\n

\"vpn14\"<\/a><\/figure>\n\n\n\n

Create Site-to-Site VPN<\/strong><\/p>\n\n\n\n

Then next step is to create Site-to-Site VPN connection between your VPN device and the virtual network gateway. To create it,<\/p>\n\n\n\n

1) Log in to azure portal<\/p>\n\n\n\n

2) Go to More Services > Virtual network gateways <\/strong><\/p>\n\n\n\n

\"vpn15\"<\/a><\/figure>\n\n\n\n

3) Then click on the virtual network gateway<\/strong> you created and, under the settings<\/strong> tab, click on connection<\/strong><\/p>\n\n\n\n

\"vpn16\"<\/a><\/figure>\n\n\n\n

4) Then click on add<\/strong><\/p>\n\n\n\n

\"vpn17\"<\/a><\/figure>\n\n\n\n

5) In the wizard fill the relevant information and click ok<\/strong>. <\/p>\n\n\n\n

\"vpn18\"<\/a><\/figure>\n\n\n\n

Name<\/strong> \u2013 Name of the connection <\/p>\n\n\n\n

Connection Type<\/strong> \u2013 Type of the VPN. Most of the time its site-to-site<\/p>\n\n\n\n

Virtual Network Gateway<\/strong> \u2013 you need to select the relevant virtual network gateway<\/p>\n\n\n\n

Local Network Gateway<\/strong> \u2013 in here need to select the relevant local network gateway for your connection<\/p>\n\n\n\n

Shared Key<\/strong> \u2013 This is the pre-shared key you going to use for the VPN configuration<\/p>\n\n\n\n

6) Once its created it\u2019s all about configuring the VPN in your VPN device. <\/p>\n\n\n\n

7) Once connected you can see the status in same page by clicking on connection<\/strong>. <\/p>\n\n\n\n

\"vpn19\"<\/a><\/figure>\n\n\n\n

Hope this was helpful.<\/p>\n\n\n\n

Ref: Step-by-Step guide to configure site-to-site VPN Gateway connection between Azure and on-premises network – Technical Blog | REBELADMIN<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

When you are in hybrid cloud setup with azure, using site-to-site VPN gateway you can have better continuity for your workloads. in this post, I am going to demonstrate how to set up site-to-site VPN Gateway. Requirements  Before start make sure you have following in place.  1) VPN device \u2013 you need to have VPN device Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1249,10,9],"tags":[1485,1484],"class_list":["post-4601","post","type-post","status-publish","format-standard","hentry","category-azure-microsoft","category-microsoft","category-networks","tag-configure-site-to-site-vpn-between-azure-and-on-premises-network","tag-configure-site-to-site-vpn-gateway-connection-between-azure-and-on-premises-network"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4601","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4601"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4601\/revisions"}],"predecessor-version":[{"id":4602,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4601\/revisions\/4602"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}