Configure Azure VPN
You can use VPN Gateway to connect an Azure network and your network On premise. So you can have your ressources on azure and on local Network.
How to configure VPN Gateway
Before configure VPN Gateway, access to the Azure Portal (https://portal.azure.com/) and click Create ressource / Networking / Virtual Network.
Configure the various fields and then click Create. The creation of the Vnetwork is done.
Is now necessary to specify a DNS server. From the Browse menu, select virtual network and then the Vnetwork previously created, in the settings menu, click DNS Server. Configure the DNS server you want. With no DNS server in AZURE, I use 188.8.131.52. Click Save for validate the modification.
It is now necessary to undertake the creation of a subnet Gateway to the virtual network. The gateway subnet you create must be named GatewaySubnet or it will not work properly. In the settings panel, click subnets, and then click the icon + subnet. Enter GatewaySubnet in the name field and the desired address range. Click OK to create the subnet.
It is now necessary to create the virtual network Gateway. In the Azure portal, click All Services and enter Virtual Network Gateway on Search field.
Click on Create virtual network gateway. Set the fields as desired. Regarding the type of VPN with no router (Cisco, Juniper,…) I used the feature routing and remote access on a Windows Server 2012 R2 server. The type based on strategies is not supported with RRAS. To find out what type of VPN can be used, it is possible to use this link:
Click OK to validate the modification.
Wait until the bridge is fully created. When the gateway has been creaated, go to the properties of the bridge to see the assigned public IP address.
Before creating a VPN connection, it is necessary to create a local network Gateway. In the Azure portal, click on Create a resource / Networking / Connection. The local network gateway refers to your on-premises location. You’ll give the local network gateway a name by which Azure can refer to it.
Select Site-to-site (IPSEC) on Connection type drop-down list. Select Resource Group and Location. Click on OK to validate the choice.
Select Virtual Network Gateway previously created and click on Local network gateway.
Click on Create new and enter Name, IP Address and Address Space of your on premise network.
Enter the Shared Key (PSK) and click on OK. You can now lauch the creation.
On the Gateway, the connection has been added.
Now it’s time to connect the two sites (on premise and Azure). Initially a VM running 2012 R2 has been installed. Subsequently the role routing and remote access has been added. On the Routing and remote access console, right click on server and select Configure and Enable Routing and Remote Access.
Configuration Windows Select custom configuration.
Select Custom configuration on the wizard and click on Next.
Check VPN access and Lan routing checkboxes.
Click Finish and Start the service. In the console, right-click on network interface, and then select New demand-dial interface.
Select the name of the interface, and then click Next.
Leave the default value in the window Type of connection (default value : connect using a virtual private network). In the virtual network type window, select IKZv2, and then click Next.
Enter the IP address of your gateway Azure (Virtual Network Gateway) and click Next.
In the protocols window and security, let check Route IP packets on this interface and click Next. Click Next on other Windows and Finish for create the network interface. A new interface is present in the console.
It’s important to complete the configuration of the new interface by entering the previously configured PSK (shared key). Go to the properties of the interface, and then click the Security tab. Check use a pre-shared key for authentication and enter the value of the key.
On the Options tab, configure the connections to be permanent.
In order to route ip packets, a static route has been added to the IPV4 console / static route. It is necessary to inform the iD of the virtual network, the network interface and the subnet mask to use. Select Static Routes and create new static routes.
My LAN connected to the Internet through a router, I have of the performed a port forwarding(TCP/UDP 50, UDP 500 and UDP 4500). Subsequently the connection could be initiated by the connection (right click / Connect).
Returning in virtual network gateway in the Azure portal, the connection has changed state. She now has the connected state.
A data exchange is already made between the two sites. Click on the connection in order to get more information.