Image from: https://docs.microsoft.com/en-us/azure/vpn-gateway/design#V2V
In Azure, to set up a VPN service, we use a Virtual Network Gateway (VNG) and a Local Network Gateway (LNG). For more information, you can refer to the Azure VPN Gateway documentation linked above.
Azure has already written a very detailed and complete walkthrough on this topic, but I want to write my own post for my own reference.
The concept of the Azure VPN service is pretty simple:
- Create a Vnet with subnet in it
- Create a VPN server (VNG); a dedicated gateway subnet is created along the way
- Create a VPN connection configuration (LNG), connect it to the VNG, and you are good to go!
Do pay attention that it takes about 45 minutes to provision a VNG!
I will skip creating the VNet, as it is quite simple. Let’s start with creating the VNG.
For the Gateway subnet address range, the smallest mask is /29. Here you create a dedicated subnet for the VNG. You also assign a public IP address to the VNG, which is used to connect to other VPN servers. For example:
Once you click Create, you can go and make yourself a coffee and come back after 45 minutes.
Next, we create the LNG.
For IP address, enter the destination VPN's WAN IP.
For Address space, enter the destination local network segments that will be accessed from Azure.
For example, for Azure (192.168.0.0/16) to AWS (10.0.0.0/16), any prefix within 10.0.0.0/16, from /16 down to /32, can be entered.
Next, we bind this configuration (LNG) to the VPN server (VNG) by adding a Connection.
For Virtual network gateway, choose the previously created VNG.
Local network gateway is filled in automatically.
Enter your Shared key for authentication with the destination VPN server.
Once done, after about 3 to 5 minutes, you will see the status Connected if everything is set up correctly.
Lastly, create a VM to verify the connection. We can see that the VM in Azure (192.168.1.4) is able to ping and tracert the VM in AWS (10.0.1.125)!
Actually, to perform this verification, I configured forced tunneling on the Azure VM subnet so that all traffic from the Azure VM is sent outbound via the VNG. I will post another walkthrough about forced tunneling.