This video details how to create and configure a site-to-site connection between Azure and an on-premises environment, including enabling the subnet and VPN gateway.
- [Instructor] In this demonstration, I'm going to show you how we set up a site-to-site connection between our Azure network and our on-premise network. I am going to make some assumptions within this demo itself, and I'll point those out as we go through it. I've logged into Azure, and I happen to be in my VNetConnectivity resource group. And I already have a network created, called Production, and that's all we've done here, nothing else. I'm going to go ahead and pop into the Production network, and when I provisioned this network, I just took the default subnet. I have not modified this at all.
One thing to keep in mind when you are doing this site-to-site, you will need to bring your own DNS, and you will need to add in your DNS server. I do not have a DNS server provisioned for this. I am just going to enter in a fake IP. And I'm going to leave it as that. I'm going to go ahead and click Save. I'm going to go ahead and close that blade, pop back into my network. Next, I'm going to go ahead and click on Subnets. What I now need to add is a gateway subnet. I'm going to click on Gateway subnet. The name is already populated for me. Our IP address range, again, is already populated for me, and you could adjust this as necessary.
And I'm going to leave the route table as None. I'm going to click OK. Next, we need to add in the virtual network gateway. And so, we've created the gateway subnet. Now we need to add in the gateway resource. I'm going to close my window. I'm going to click on Add, and I have the option to type virtual network gateway, or it might be available to you, as it is here, and I'm just going to go ahead and click on the virtual network gateway, and then, Create. This will look very familiar to what we did when we created our virtual network to our virtual network. I'm going to provide a name.
This will be my site-to-site gateway. I'm going to be working with a VPN gateway and not ExpressRoute. And our VPN type will be route-based. Remember, you will have to determine whether or not your VPN device can support route-based connectivity, or are you looking at policy-based? You'll pick the appropriate SKU. A basic can be used for test and dev. Otherwise, you're looking at a standard or high-performance. I'm going to go ahead and use a standard. Next, we're going to go ahead and choose our virtual network. And you'll notice that our network is not available to us. If this happens to you, it's because the location is not correctly selected.
I put this in the East US 2. I'm going to go ahead, close that blade, and then reopen it. There we are. This will show me all of the networks that are available within the East US 2 region. I am choosing the one that is in my resource group. Next, we need a public IP address. If you already have public IP addresses, they may be available to you. In this case, I need to create a brand-new one. I'm going to leave the default name as is, and click OK. Remember, you also must have a public IP address associated to your on-premise environment as well.
Next, your subscription and your location. And before we get started, you're going to notice here, we have, way at the bottom, provisioning of virtual network gateway may take up to 45 minutes. I'm going to go ahead, click Create, and then head off for lunch. I've come back from my lunch, and I'm ready to continue building out our site-to-site connection to connect Azure to our on-premise environment. Our next step is to create a local network gateway. To do so, click Add, and then you'll probably have to search for it. And then choose Local network gateway. And when we're referring to local network gateway, we're actually referring to our on-premise environment.
You're going to provide a name. The IP address that you are providing here is the public IP address of your local gateway. So you'll need that information. You can go ahead and add in additional address spaces, if you wish, and the rest of the information will be automatically populated for you, if you did it through the resource group. Please note, I am using a dummy IP address here. I will not be connecting to an actual VPN device. I'm going to go ahead and click Create. And this will take a few moments. Now that our deployment has succeeded, let's go ahead and take a look at it.
I'm going to have to refresh. I'm going to close this, and there's our OnPrem network gateway. One thing I want to point out here as well is our IP address must be a public IP. This will not work if you are behind NAT. If you are behind NAT, you are going to have to configure a point-to-site configuration. Your next step is to configure the VPN device. Again, in this situation, I do not have a VPN device that I am going to be configuring. And always refer to the Azure documentation on VPN devices that are supported.
One thing that you will need in order to configure your VPN device is the IP address of our gateway in Azure. And to access that, all you're going to do is click in your virtual network gateway, and you'll see your public IP address will be listed for you. We are going to assume that we have our VPN device configured. Our next step is to go ahead and create that VPN connection itself, and we're actually going to do it from within the virtual network gateway. We're going to click in Connections, and then Add. You will provide a name, and your connection type.
In this case, it is a site-to-site. Our virtual network gateway is already selected for us. But now, we're going to go ahead and choose the local network gateway. This is what we configured in our last step. And that will be the OnPrem. And now, we have to create a highly secretive shared key. And everything else is selected for us. Go ahead, click OK. I'm going to go ahead and close this blade. To verify that we are connected, you would go ahead and open up the virtual network gateway one more time, and then click on Connections.
Mine will have an error, again, because I'm not actually connecting to a real, physical VPN device. If I had connected to a VPN device, our status here would be Succeeded and Connected. Mine, obviously, is going to bounce around between Unknown and Succeeded. And that's all there is to it, to connect your on-premise environment to your Azure virtual networks. It's actually not that hard. You'll just have to wait for that gateway to be configured. And I do want to just quickly mention, if you're still in the classic portal, this process is very different.
And you'll want to refer to the documentation on how to create a site-to-site connection in the classic portal before attempting it.
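
The portal steps walked through above can also be scripted. The following is an added example using the Az PowerShell module, not code from the video. The resource group, network, local gateway name and region are the ones the instructor uses; the gateway and connection names and every address marked PLACEHOLDER are assumptions to replace with your own values. The shared key is generated from a cryptographic random source instead of being typed by hand.

```powershell
# Added example: scripted equivalent of the portal walkthrough (Az PowerShell module).
# From the video: VNetConnectivity, Production, OnPrem, East US 2.
# Anything marked PLACEHOLDER or hypothetical is an assumption, not from the video.
$rg        = 'VNetConnectivity'
$location  = 'eastus2'
$gwName    = 'S2SGateway'        # hypothetical gateway name
$gwSubnet  = '10.0.1.0/27'       # PLACEHOLDER: must sit inside the VNet address space
$onPremIp  = '203.0.113.10'      # PLACEHOLDER: public IP of the on-premises VPN device
$onPremNet = '192.168.0.0/24'    # PLACEHOLDER: on-premises address space
$gwSku     = 'Standard'          # SKU picked in the video; use one your subscription offers

# 1. Gateway subnet. Azure requires the exact name "GatewaySubnet".
$vnet = Get-AzVirtualNetwork -Name 'Production' -ResourceGroupName $rg
Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix $gwSubnet `
    -VirtualNetwork $vnet | Set-AzVirtualNetwork | Out-Null
$vnet   = Get-AzVirtualNetwork -Name 'Production' -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet

# 2. Public IP and route-based VPN gateway (the long-running step).
#    Adjust the allocation method if you change the gateway SKU.
$pip = New-AzPublicIpAddress -Name "$gwName-pip" -ResourceGroupName $rg `
    -Location $location -AllocationMethod Dynamic
$ipcfg = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig' `
    -SubnetId $subnet.Id -PublicIpAddressId $pip.Id
$gw = New-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg `
    -Location $location -IpConfigurations $ipcfg -GatewayType Vpn `
    -VpnType RouteBased -GatewaySku $gwSku

# 3. Local network gateway: represents the on-premises side.
$local = New-AzLocalNetworkGateway -Name 'OnPrem' -ResourceGroupName $rg `
    -Location $location -GatewayIpAddress $onPremIp -AddressPrefix $onPremNet

# 4. Shared key: 32 bytes from the OS CSPRNG, hex-encoded (64 characters),
#    so the key is plain alphanumeric text.
$bytes = [byte[]]::new(32)
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes); $rng.Dispose()
$psk = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# 5. Site-to-site (IPsec) connection, then read back its status.
New-AzVirtualNetworkGatewayConnection -Name 'AzureToOnPrem' -ResourceGroupName $rg `
    -Location $location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $local `
    -ConnectionType IPsec -SharedKey $psk | Out-Null
(Get-AzVirtualNetworkGatewayConnection -Name 'AzureToOnPrem' `
    -ResourceGroupName $rg).ConnectionStatus
```

The same `$psk` value has to be configured on the on-premises VPN device, so pass it to whoever manages that device through a secret store or another protected channel instead of printing it to the console.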