Recently I was setting up my Site-to-Site (S2S) VPN in order to expand Active Directory into the Cloud.
Microsoft has a very good tutorial walk through on creating a Cross-Premises Virtual Network for Site-to-Site Connectivity. This is the tutorial that I used to get things setup. It has a good diagram, but my home lab setup is not exactly the same as an enterprise setup.
Instead of a dedicated VPN device, I have my home modem/router which my lab server connects to, and the Virtual Machines connect to the Internet via a Routing and Remote Access Service (RRAS) server.
So after logging into my Azure account, I started by creating a new Virtual Network.
Since networking is not my highest skill, I tried to clarify things by being very specific in my naming (to keep things easy).
On the Virtual Network Details page, provide a Name, select the Location, and connect it to an existing Subscription, then click Next (arrow).
On the DNS Servers and VPN Connectivity page, you can specify a DNS server but in my lab example I don’t have an Active Directory server in Azure yet (that’s the whole point of setting up the VPN). Also notice that I have selected the “Configure a site-to-site VPN” option. Then click the Next arrow.
On the Site-To-Site Connectivity page, in the Name field, type a descriptive name for your on-prem network. In my example, I used “LocalLabNetwork” so it would be clear in the diagram where all the pieces fit together.
In the Address Space field, provide the IP Address subnet from your on-prem environment that you want to have access into the Azure environment.
In the VPN Device IP Address field, enter the public IP address of your VPN device. Since my lab server is sitting behind my consumer modem/router, this would be my public IP address provided by my ISP. Note that your VPN device cannot be behind a NAT device. So I had to do something different in my home environment.
Since my lab environment is behind my modem/router, and I have a RRAS server in my internal lab network, my RRAS server needs direct access to the Internet. Even though my Hyper-V virtual switch is configured with external access, this still doesn’t meet the requirement.
I actually had to assign a static IP address to my RRAS server from my home modem/router, but also, I had to add that static IP address to my router’s DMZ to allow it directly out to the Internet.
Back in Azure, on the Virtual Network Address Space page, you can divide the address spaces in the Azure network into different subnets.
After clicking the checkmark, the Virtual Network will be created. In my experience, it can take a little time before the Virtual Network is finished being created. But once it is done, Virtual Networks will show the newly created network, and the status will show “Created“.
In the next part of this series, I will walk through my experience with connecting the Azure Virtual Network to my on-prem RRAS server running in my home lab.