In the previous post, we configured a Virtual Network in Azure. Now we need to configure its connectivity to our on-prem.
We will start by creating a Gateway. Logged into our Azure subscription, navigate to the Networks space that should show the Azure Virtual Network we created in the previous post.
Click on the Virtual Network, and click on the Dashboard link. You should see that the Virtual Network is ready, but it is waiting for a Gateway.
At the bottom of the page, click on the Create Gateway button, and choose the applicable option (either Static or Dynamic). In my lab example, I am using Dynamic Gateway.
You will be prompted to confirm that you want to create a Gateway for this Virtual Network.
Even though Microsoft says that it may take up to 15 minutes for the gateway to be created, in my experience, it actually takes longer than that.
After the gateway is created, we need 3 pieces of information to connect the Azure Virtual Network to the on-prem lab network.
First, we need the newly created Gateway IP Address. This is accessible via the Dashboard view of the Virtual Network.
Second, we need the Shared Key for the network (if you are configuring a physical network/VPN device). On the same Dashboard screen, at the bottom of the page, click on the Manage Key button.
Copy the Managed Shared Key. Refer to the following to Configure The VPN Device.
Third, we need to configure the on-prem VPN device. Depending on what type of VPN device you have, the configuration script provided will be different. In my lab example, as was mentioned in the previous post, I’m using a Virtual Machine that is running the Routing and Remote Access Service (RRAS) service.
So, click on the Download Device VPN Script link.
In the dialog, choose the applicable selections. In my lab example, I’m using RRAS running on Windows Server 2012 R2.
If you take a look at the .CFG file, in this lab example, you will notice that it will contain the Azure Gateway IP address, the Azure Virtual Network IP subnet, and the Shared Secret (which is the Managed Shared Key).
In my lab example, I copied the .CFG file to my RRAS virtual machine. Then I changed the file extension from .CFG to .PS1 (aka PowerShell). This way I can run the script on the RRAS server, which will configure the connection from on-prem to Azure.
After the script runs, you will have to reboot the RRAS server. Back in Azure, you will also have to click the “Connect” to enable the Azure connection to the on-prem VPN.
Test Site-to-Site VPN Connectivity
Now that we have the site-to-site VPN configured and communicating, we can create a Virtual Machine in order to test/confirm connectivity.
Note: When you create the VM, remember to set the Virtual Network to the Azure Virtual Network that you created for this VPN.
Once the Virtual Machine is created, login and attempt to PING an IP address from your on-prem environment. In my lab example, my internal lab network is using the 192.168.1.0/24 subnet.
Notice that I am testing connectivity via PINGing against an IP address and not against a server name. This is because we don’t yet have a DNS server configured for the Azure virtual network, nor do we have an Active Directory Domain Controller installed in Azure yet (this will be detailed in a different post).
If you look at Azure Virtual Network, you will now see the Virtual Machine listed.
So that covers my experience in setting up and configuring Azure Site-to-Site VPN into my home lab. Now that we have this connectivity available, we can explore other Azure services. Stay tuned for more Azure articles.
If anyone has any requests, please feel free to contact me (via the About Me page).
Don’t forget to check out the following:
CANITPro: Did you know there is a site dedicated to Canadian IT professionals? You can win a 3D movie prize package by upgrading your IT skills with Microsoft. Check out CANITPRO At The Movies, either in English: CANITPro At The Movies or French: CANITPro At The Movies
Azure: Sign up for a FREE trial and get $200 to spend on Microsoft Azure cloud computing services. Full access, no strings.
MSDN: Ever wanted to work with the latest Microsoft technologies, without having to spend thousands of dollars? Now you can, with the MSDN subscription.