Blog | G5 Cyber Security

Azure VPN Setup

TL;DR

This guide shows you how to set up a Site-to-Site (S2S) VPN connection between your on-premises network and an Azure Virtual Network. It covers creating the virtual network gateway, local network gateway, and the connection itself.

Prerequisites

Step 1: Create the Virtual Network Gateway

The virtual network gateway is the core component that allows connections to and from Azure.

  1. In the Azure portal, search for ‘Virtual network gateways’ and click ‘Create’.
  2. Select your Resource Group.
  3. Give your gateway a name (e.g., myVnetGateway).
  4. Choose a Gateway type of ‘VPN’.
  5. Select the VPN type as ‘Route-based’.
  6. Select a SKU (Basic is for testing, Standard or High Performance are production options).
  7. Select your existing Virtual Network.
  8. The Public IP address will be created automatically; you can also create a new one if needed.
  9. Click ‘Review + Create’ and then ‘Create’. This process takes around 45 minutes to an hour.

Step 2: Create the Local Network Gateway

The local network gateway represents your on-premises network in Azure.

  1. Search for ‘Local network gateways’ and click ‘Create’.
  2. Select your Resource Group.
  3. Give your gateway a name (e.g., myLocalGateway).
  4. Enter the public IP address of your on-premises VPN device.
  5. Enter an Address Space representing your on-premises network’s subnet(s) (e.g., 192.168.1.0/24).
  6. Click ‘Review + Create’ and then ‘Create’.

Step 3: Create the VPN Connection

This step connects your virtual network gateway to your local network gateway.

  1. Navigate to your Virtual Network Gateway.
  2. Click on ‘Connections’ under ‘Settings’.
  3. Click ‘Add’.
  4. Give the connection a name (e.g., myVPNConnection).
  5. Select your Local Network Gateway.
  6. Enter a Shared key (PSK). This is the secret that both VPN endpoints use to authenticate each other. Important: Keep this secure!
  7. Enable ‘IPsec/IKE policy’ if you need specific encryption settings; otherwise, leave it at default.
  8. Click ‘OK’.
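
The values entered in Steps 2 and 3 can be checked offline before they go into the portal. The following is an added example, not part of the original guide: it flags an on-premises address space that overlaps the virtual network, a VPN device address that is not public, and a weak or non-portable shared key. The function names, the 32-character minimum, the VNet range 10.1.0.0/16 and the device address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
import secrets

MIN_PSK_LEN = 32  # assumed local policy, not a value from the guide
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def new_psk(nbytes=48):
    """Random shared key: 48 random bytes as 64 URL-safe ASCII characters."""
    return secrets.token_urlsafe(nbytes)


def preflight(vnet_prefixes, onprem_prefixes, device_ip, psk):
    """Return a list of problems in the Step 2 / Step 3 inputs (empty = OK)."""
    problems = []
    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    onprem = []
    for p in onprem_prefixes:
        try:
            # Strict parsing rejects prefixes with host bits set, e.g. 192.168.1.5/24
            onprem.append(ipaddress.ip_network(p))
        except ValueError as exc:
            problems.append(f"bad on-premises prefix: {exc}")
    # Overlapping ranges make routing between the two sides ambiguous.
    for o in onprem:
        for v in vnets:
            if o.overlaps(v):
                problems.append(f"on-premises {o} overlaps VNet {v}")
    # Step 2 asks for the device's public IP; a private one cannot be reached.
    ip = ipaddress.ip_address(device_ip)
    if any(ip in n for n in RFC1918) or ip.is_loopback or ip.is_link_local:
        problems.append(f"VPN device address {ip} is not a public IP")
    if len(psk) < MIN_PSK_LEN:
        problems.append(f"shared key shorter than {MIN_PSK_LEN} characters")
    if not (psk.isascii() and psk.isprintable()):
        problems.append("shared key has non-ASCII or non-printable characters")
    return problems


if __name__ == "__main__":
    # Constructed sample values; 192.168.1.0/24 is the guide's example prefix.
    issues = preflight(["10.1.0.0/16"], ["192.168.1.0/24"],
                       "203.0.113.10", new_psk())
    print(issues or "inputs look consistent")
```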

Step 4: Verify the Connection

Check that the connection status is ‘Connected’. It may take a few minutes to establish.

  1. In the Azure portal, go back to your Virtual Network Gateway.
  2. Under ‘Settings’, click on ‘Connections’.
  3. The ‘Connection Status’ should show as ‘Connected’. If it shows ‘Not connected’, review your settings and ensure your on-premises VPN device is configured correctly.

Step 5: Configure On-Premises VPN Device

You need to configure your on-premises VPN device with the following information from Azure:

The specific configuration steps will vary depending on your VPN device manufacturer. Refer to their documentation.
