Azure VPN


You can use VPN Gateway to connect an Azure virtual network to your on-premises network. This lets you run resources both in Azure and on your local network.

How to configure VPN Gateway

Before configuring VPN Gateway, sign in to the Azure Portal (https://portal.azure.com/) and click Create a resource / Networking / Virtual Network.

Create a resource on Azure for Azure VPN

Configure the various fields and then click Create. The virtual network is now created.

Create virtual network for VPN Azure

It is now necessary to specify a DNS server. From the Browse menu, select Virtual networks and then the virtual network created previously. In the Settings menu, click DNS Server and configure the DNS server you want. Since I have no DNS server in Azure, I use 8.8.8.8. Click Save to apply the change.

Configure DNS for Azure VPN

The next step is to create a gateway subnet in the virtual network. The gateway subnet you create must be named GatewaySubnet or it will not work properly. In the Settings panel, click Subnets, and then click the + Subnet icon. Enter GatewaySubnet in the Name field and the desired address range. Click OK to create the subnet.

Add GatewaySubnet on virtual network for VPN

It is now necessary to create the virtual network gateway. In the Azure portal, click All Services and enter Virtual Network Gateway in the Search field.

Create Virtual Network Gateway VPN

Click on Create virtual network gateway and set the fields as desired. Regarding the VPN type: having no router (Cisco, Juniper, …), I used the Routing and Remote Access (RRAS) feature on a Windows Server 2012 R2 server. The policy-based type is not supported with RRAS. To find out which type of VPN can be used, it is possible to use this link: Azure Link.

Click OK to validate the settings.

Create virtual network Gateway VPN

Configure gateway VPN

Wait until the gateway is fully created. When the gateway has been created, go to its properties to see the assigned public IP address.

View public IP address for the virtual gateway on Azure

Before creating a VPN connection, it is necessary to create a local network gateway. In the Azure portal, click on Create a resource / Networking / Connection. The local network gateway refers to your on-premises location. You give the local network gateway a name by which Azure can refer to it.

Create local gateway network for VPN

Select Site-to-site (IPSEC) in the Connection type drop-down list. Select the Resource Group and Location. Click OK to validate the choice.

Configure connection for Azure VPN

Select the virtual network gateway created previously and click on Local network gateway.

Select virtual network Gateway vpn

Click on Create new and enter the Name, IP Address and Address Space of your on-premises network.

Create local network gateway VPN

Enter the Shared Key (PSK) and click on OK. You can now launch the creation.

Enter Shared Key on Azure VPN

On the Gateway, the connection has been added.

Connection has been added
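The portal steps above can also be scripted, which makes the gateway type, the address ranges and the way the PSK is generated reviewable. This is an added example, not part of the original walkthrough; it assumes the Az PowerShell module and an authenticated session, and the resource names, region, address ranges, gateway SKU and on-premises values are placeholders.

```powershell
# Added example. Requires the Az module and Connect-AzAccount.
# All names, ranges and the SKU below are assumptions; adjust to your environment.
$rg  = 'rg-vpn-demo'
$loc = 'westeurope'
$onPremPublicIp = '203.0.113.10'    # placeholder: public IP of the on-premises router
$onPremPrefix   = '192.168.1.0/24'  # placeholder: on-premises address space

# Generate a 256-bit random pre-shared key (hex) instead of typing one by hand.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = -join ($bytes | ForEach-Object { $_.ToString('x2') })

New-AzResourceGroup -Name $rg -Location $loc | Out-Null

# Virtual network with the DNS server from the walkthrough and the mandatory GatewaySubnet.
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.1.255.0/27'
$vnet = New-AzVirtualNetwork -Name 'vnet-demo' -ResourceGroupName $rg -Location $loc `
    -AddressPrefix '10.1.0.0/16' -Subnet $gwSubnet -DnsServer '8.8.8.8'

# Public IP and route-based gateway (policy-based is not supported with RRAS).
$pip = New-AzPublicIpAddress -Name 'pip-vpngw' -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Static -Sku Standard
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipcfg  = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig' `
    -SubnetId $subnet.Id -PublicIpAddressId $pip.Id
$gw = New-AzVirtualNetworkGateway -Name 'vpngw-demo' -ResourceGroupName $rg -Location $loc `
    -IpConfigurations $ipcfg -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1AZ

# Local network gateway: Azure's description of the on-premises site.
$lng = New-AzLocalNetworkGateway -Name 'lng-onprem' -ResourceGroupName $rg -Location $loc `
    -GatewayIpAddress $onPremPublicIp -AddressPrefix $onPremPrefix

# Site-to-site (IPsec) connection protected by the PSK.
New-AzVirtualNetworkGatewayConnection -Name 'cn-onprem' -ResourceGroupName $rg -Location $loc `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $psk | Out-Null

# Public IP to enter on the RRAS side; $psk must reach that server over a trusted channel.
(Get-AzPublicIpAddress -Name 'pip-vpngw' -ResourceGroupName $rg).IpAddress
```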

Now it’s time to connect the two sites (on-premises and Azure). First, a VM running Windows Server 2012 R2 was installed, and the Routing and Remote Access role was then added. In the Routing and Remote Access console, right-click the server and select Configure and Enable Routing and Remote Access.

Configure Routing and Remote Access for vpn.

Select Custom configuration on the wizard and click on Next.

Select custom configuration for create vpn

Check the VPN access and LAN routing checkboxes.

VPN and Routing Access

Click Finish and start the service. In the console, right-click Network Interfaces, and then select New demand-dial interface.

Access to New demand dial interface

Select the name of the interface, and then click Next.

Add new Azure interface

Leave the default value in the Type of connection window (default value: connect using a virtual private network). In the VPN type window, select IKEv2, and then click Next.

Select protocol for VPN

Enter the IP address of your Azure gateway (Virtual Network Gateway) and click Next.

Enter IP address of Gateway Azure

In the Protocols and Security window, leave Route IP packets on this interface checked and click Next. Click Next in the other windows and Finish to create the network interface. A new interface is present in the console.

Interface present in Routing and Remote Access

It’s important to complete the configuration of the new interface by entering the previously configured PSK (shared key). Go to the properties of the interface, and then click the Security tab. Check Use a pre-shared key for authentication and enter the value of the key.

Configure interface with PSK

On the Options tab, configure the connections to be permanent.

Persistent connection configured

In order to route IP packets, a static route has been added under IPv4 / Static Routes in the console. It is necessary to enter the network ID of the virtual network, the network interface and the subnet mask to use. Select Static Routes and create a new static route.

Add new IPv4 static route

Because my LAN is connected to the Internet through a router, I set up port forwarding (TCP/UDP 50, UDP 500 and UDP 4500). The connection could then be initiated (right-click / Connect).

Interface present in Routing and Remote Access

Back in the virtual network gateway in the Azure portal, the connection has changed state. It now shows the Connected state.

The connection has been connected

Data is already being exchanged between the two sites. Click on the connection to get more information.

Data exchange is OK between the two sites
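The RRAS side of the procedure (role installation, IKEv2 demand-dial interface, PSK, persistent connection and static route) can be expressed with the RemoteAccess PowerShell module. This is an added example, not part of the original walkthrough; the interface name, the Azure gateway IP and the Azure address range are placeholders, and the PSK is read from a prompt so it never appears in the script or the command history.

```powershell
# Added example. Run elevated on the Windows Server 2012 R2 RRAS host.
# The three values below are assumptions / placeholders.
$ifName      = 'Azure'            # name of the demand-dial interface
$azureGwIp   = '198.51.100.20'    # placeholder: public IP of the Azure virtual network gateway
$azureSubnet = '10.1.0.0/16'      # assumed address range of the Azure virtual network

# Install the Routing and Remote Access role and enable site-to-site VPN.
Install-WindowsFeature -Name RemoteAccess, Routing -IncludeManagementTools
Install-RemoteAccess -VpnType VpnS2S

# Read the PSK without echoing it; the cmdlet below needs it as a plain string.
$secure = Read-Host -AsSecureString -Prompt 'Shared key (PSK) configured on the Azure connection'
$psk = (New-Object System.Net.NetworkCredential('', $secure)).Password

# IKEv2 interface with PSK authentication.
# -IPv4Subnet "<prefix>:<metric>" creates the static route to the Azure range,
# -Persistent keeps the tunnel up permanently.
Add-VpnS2SInterface -Name $ifName -Destination $azureGwIp `
    -Protocol IKEv2 -AuthenticationMethod PSKOnly -SharedSecret $psk `
    -IPv4Subnet "${azureSubnet}:100" -Persistent

# Do not leave the key in the session.
Remove-Variable psk, secure

# Bring the tunnel up and check its state (expected: Connected).
Connect-VpnS2SInterface -Name $ifName
Get-VpnS2SInterface -Name $ifName | Select-Object Name, Destination, ConnectionState
```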
