Azure VPN Gateway Tutorials

This tutorial series guides you through setting up and configuring Azure VPN Gateway for secure site-to-site connectivity.

Introduction to Azure VPN Gateway

Azure VPN Gateway is a managed service that enables you to create and manage virtual private network (VPN) gateways to securely connect your on-premises networks to your Azure virtual networks.

Key benefits include:

  • Secure Connectivity: Encrypts traffic between your on-premises network and Azure.
  • Scalability: Offers various SKUs to meet different performance and throughput needs.
  • Hybrid Cloud: Facilitates a seamless hybrid cloud environment.

In this tutorial, we will walk through the fundamental steps to establish a site-to-site VPN connection.

Prerequisites

Before you begin, ensure you have the following:

  • An active Azure subscription.
  • Permissions to create and manage network resources within your subscription.
  • An on-premises network with a VPN device that supports IPsec/IKE.
  • A static public IP address for your on-premises VPN device.

Step 1: Create a Virtual Network (VNet)

First, we need to create an Azure Virtual Network where our VPN Gateway will reside.

Follow these steps in the Azure portal:

  1. Navigate to Virtual Networks and click Create.
  2. Select your subscription and resource group.
  3. Provide a name for your VNet (e.g., MyVNet).
  4. Choose a region (e.g., East US).
  5. Define an IP address space (e.g., 10.1.0.0/16).
  6. Create a subnet for the VPN gateway. This subnet must be named GatewaySubnet and have a prefix of at least /27 (e.g., 10.1.255.0/27).

For detailed instructions, refer to the official Azure VNet documentation.

Step 2: Deploy the VPN Gateway

Now, we deploy the Azure VPN Gateway. This process can take 30-45 minutes.

  1. In the Azure portal, search for Virtual network gateways and click Create.
  2. Select your subscription and resource group.
  3. Provide a name for your VPN Gateway (e.g., MyVpnGateway).
  4. Choose the same region as your VNet.
  5. Set the Gateway type to VPN.
  6. Set the VPN type to Route-based (recommended for most scenarios).
  7. Select the SKU based on your performance requirements (e.g., VpnGw1).
  8. Associate it with the GatewaySubnet you created earlier.
  9. Configure the Public IP address: select Create new and provide a name for the public IP.

Important Note:

Deploying a VPN Gateway is a resource-intensive operation and can take a significant amount of time. Ensure you have sufficient time allocated for this step.

Step 3: Configure a Local Network Gateway

The Local Network Gateway represents your on-premises network to Azure.

  1. In the Azure portal, search for Local network gateways and click Create.
  2. Select your subscription and resource group.
  3. Provide a name (e.g., MyOnPremisesNetwork).
  4. Choose the same region as your VPN Gateway.
  5. For IP address, enter the static public IP address of your on-premises VPN device.
  6. For Address space, enter the IP address ranges of your on-premises network that you want to connect to Azure (e.g., 192.168.1.0/24).

Step 4: Create a Connection

Finally, create the connection resource that links your Azure VPN Gateway to your on-premises network.

  1. Navigate to your newly created Virtual network gateway in the Azure portal.
  2. Under Settings, click Connections, then click Add.
  3. Provide a name for the connection (e.g., AzureToOnPrem).
  4. Set the Connection type to Site-to-site (IPsec).
  5. Select the Local network gateway you created in the previous step.
  6. Enter a Shared key (PSK). This must match the pre-shared key configured on your on-premises VPN device.
  7. Ensure IKE Protocol is set to IKEv2 (recommended).
  8. Click OK.

You will also need to configure your on-premises VPN device to establish the tunnel. This typically involves:

  • Specifying the public IP address of your Azure VPN Gateway.
  • Configuring the IPsec/IKE parameters (e.g., encryption, hashing, Diffie-Hellman group) to match Azure's defaults or your custom settings.
  • Using the same shared key.

Step 5: Test the Connection

Once the connection is established, test connectivity:

  • In the Azure portal, go to your Virtual network gateway, then to Connections. Verify the status of your connection is Connected.
  • From a virtual machine in your Azure VNet, try to ping or access a resource on your on-premises network.
  • From an on-premises machine, try to ping or access a resource on a virtual machine in your Azure VNet.
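The portal steps above map directly onto Azure CLI commands. The script below is an added example, not part of this tutorial or Microsoft's documentation, and it drives Steps 1 through 5 in one run: it first validates the address plan offline (GatewaySubnet is /27 or larger and lies inside the VNet range, and the on-premises range does not overlap the VNet, since overlapping ranges would leave traffic unroutable across the tunnel), then issues the az commands, and finally reads back the connection status the portal shows as Connected. Assumed values: resource group MyRG, public IP name MyVpnGatewayPip, the placeholder on-premises address 203.0.113.10, and a pre-shared key generated with openssl when PSK is not supplied; every other name and range is the one used in the tutorial.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): site-to-site VPN setup with Azure CLI.
# Run "./s2s.sh deploy" after "az login"; with no argument it only defines the
# helpers and validates the plan, so it is safe to source.
set -euo pipefail

RG="${RG:-MyRG}"                                   # assumed resource group
LOCATION="${LOCATION:-eastus}"
VNET_NAME="MyVNet";            VNET_PREFIX="10.1.0.0/16"
GW_SUBNET_PREFIX="10.1.255.0/27"                   # must be named GatewaySubnet
GW_NAME="MyVpnGateway";        GW_PIP_NAME="MyVpnGatewayPip"   # assumed IP name
LNG_NAME="MyOnPremisesNetwork"; ONPREM_PREFIX="192.168.1.0/24"
ONPREM_PUBLIC_IP="${ONPREM_PUBLIC_IP:-203.0.113.10}"   # placeholder (TEST-NET-3)
CONN_NAME="AzureToOnPrem"

# ip_to_int 10.1.255.0 -> 167902976 (dotted quad as a 32-bit integer)
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlaps A B -> success if the two blocks share at least one address:
# compare both network addresses under the shorter of the two prefix masks.
cidr_overlaps() {
  local a_ip=${1%/*} a_len=${1#*/} b_ip=${2%/*} b_len=${2#*/}
  local len=$(( a_len < b_len ? a_len : b_len ))
  local mask=$(( len == 0 ? 0 : (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$a_ip") & mask )) -eq $(( $(ip_to_int "$b_ip") & mask )) ]
}

# cidr_contains OUTER INNER -> success if INNER lies entirely inside OUTER
cidr_contains() {
  local o_len=${1#*/} i_len=${2#*/}
  [ "$i_len" -ge "$o_len" ] && cidr_overlaps "$1" "$2"
}

# validate_plan VNET GATEWAY_SUBNET ONPREM -> the checks the portal does not do
validate_plan() {
  local vnet=$1 gwsub=$2 onprem=$3
  if [ "${gwsub#*/}" -gt 27 ]; then
    echo "GatewaySubnet $gwsub is smaller than /27" >&2; return 1
  fi
  if ! cidr_contains "$vnet" "$gwsub"; then
    echo "GatewaySubnet $gwsub is not inside the VNet range $vnet" >&2; return 1
  fi
  if cidr_overlaps "$vnet" "$onprem"; then
    echo "on-premises range $onprem overlaps the VNet range $vnet" >&2; return 1
  fi
}

deploy() {
  # PSK: 1-128 printable ASCII characters, identical on the on-premises device.
  local psk="${PSK:-$(openssl rand -base64 32)}"
  az group create --name "$RG" --location "$LOCATION" -o none
  # Step 1: VNet plus the mandatory GatewaySubnet
  az network vnet create -g "$RG" -l "$LOCATION" -n "$VNET_NAME" \
    --address-prefix "$VNET_PREFIX" -o none
  az network vnet subnet create -g "$RG" --vnet-name "$VNET_NAME" \
    -n GatewaySubnet --address-prefix "$GW_SUBNET_PREFIX" -o none
  # Step 2: static public IP and the gateway (30-45 minutes; wait for it)
  az network public-ip create -g "$RG" -l "$LOCATION" -n "$GW_PIP_NAME" \
    --sku Standard --allocation-method Static -o none
  az network vnet-gateway create -g "$RG" -l "$LOCATION" -n "$GW_NAME" \
    --vnet "$VNET_NAME" --public-ip-address "$GW_PIP_NAME" \
    --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1 --no-wait
  az network vnet-gateway wait -g "$RG" -n "$GW_NAME" --created
  # Step 3: local network gateway describing the on-premises side
  az network local-gateway create -g "$RG" -l "$LOCATION" -n "$LNG_NAME" \
    --gateway-ip-address "$ONPREM_PUBLIC_IP" \
    --local-address-prefixes "$ONPREM_PREFIX" -o none
  # Step 4: the IPsec connection, IKEv2, keyed with the shared PSK
  az network vpn-connection create -g "$RG" -l "$LOCATION" -n "$CONN_NAME" \
    --vnet-gateway1 "$GW_NAME" --local-gateway2 "$LNG_NAME" \
    --shared-key "$psk" --connection-protocol IKEv2 -o none
}

# Step 5: the same status the portal shows under Connections (e.g. Connected)
connection_status() {
  az network vpn-connection show -g "$RG" -n "$CONN_NAME" \
    --query connectionStatus -o tsv
}

if [ "${1:-}" = "deploy" ]; then
  validate_plan "$VNET_PREFIX" "$GW_SUBNET_PREFIX" "$ONPREM_PREFIX"
  deploy
  connection_status
fi
```

The validation runs before any resource is created because a GatewaySubnet narrower than /27 or an overlapping on-premises range is only discovered after the 30-45 minute gateway deployment otherwise. The PSK is generated locally and never printed; hand it to the on-premises device through a separate channel and rotate it by re-running az network vpn-connection create with a new value on both sides.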

Conclusion

Congratulations! You have successfully set up a site-to-site VPN connection using Azure VPN Gateway. This secure tunnel allows your on-premises resources to communicate with your Azure resources as if they were on the same network.

This tutorial covered the basic setup. For more advanced configurations, such as VNet-to-VNet connections, co-existence with ExpressRoute, or high availability, please explore other Microsoft Learn modules.

Next Steps:

Explore additional Azure VPN Gateway scenarios: High Availability, VNet-to-VNet Connections.