You can use VPN Gateway to connect an Azure network to your on-premises network, so you can have resources both in Azure and on your local network.
How to configure VPN Gateway
Before configuring VPN Gateway, sign in to the Azure Portal (https://portal.azure.com/) and click New / Networking / Virtual Network.
Leave Resource Manager in the deployment model drop-down list and then click Create.
Configure the various fields and then click Create. The virtual network is now created.
It is now necessary to specify a DNS server. From the Browse menu, select Virtual networks and then the virtual network created previously. In the settings menu, click DNS Server and configure the DNS server you want. With no DNS server in Azure, I use 126.96.36.199. Click Save to validate your modification.
It is now necessary to create a gateway subnet in the virtual network. The gateway subnet you create must be named GatewaySubnet or it will not work properly. In the settings panel, click Subnets, and then click the + Subnet icon. Enter GatewaySubnet in the name field and the desired address range. Click OK to create the subnet.
It is now necessary to create the virtual network Gateway. In the Azure portal, click New / Networking / Virtual Network Gateway.
Set the fields as desired. Regarding the VPN type: having no router (Cisco, Juniper, …), I used the Routing and Remote Access feature on a Windows Server 2012 R2 server. The policy-based type is not supported with RRAS. To find out what type of VPN can be used, it is possible to use this link:
Click Create to create the Gateway.
Wait until the gateway is fully created. When the gateway has been created, go to its properties to see the assigned public IP address.
Before creating a VPN connection, it is necessary to create a local network Gateway. In the Azure portal, click on New / Networking / Local network gateway.
The local network gateway refers to your on-premises location. You’ll give the local network gateway a name by which Azure can refer to it.
Enter the name you want as well as your on-premises gateway IP address (the IP address used in production; it is not visible). Enter the address range used in the local network as well as the resource group you want. Click Create.
You can now create your VPN connection. In the virtual network gateway settings, click Connections, and then click Add.
Enter the desired name and, in the Connection type drop-down list, select the value Site-to-site (IPsec). Select the gateways created earlier. Finally, enter a PSK (numbers and letters only). Click OK.
Now it's time to connect the two sites (on-premises and Azure). First, a VM running Windows Server 2012 R2 was installed, and the Routing and Remote Access role was then added. The options selected in the wizard are as follows:
Select custom configuration.
In the next window, select the VPN access and network routing checkboxes.
Click Finish and start the service. In the console, right-click Network Interfaces, and then select New Demand-dial Interface.
Select the name of the interface, and then click Next.
Leave the default value in the "Type of connection" window (default value: connect using a virtual private network). In the VPN type window, select IKEv2, and then click Next.
Enter the IP address of your Azure gateway (Virtual Network Gateway) and click Next.
In the Protocols and Security window, leave Route IP packets on this interface selected and click Next.
Click Next in the other windows and then Finish to create the network interface. A new interface is present in the console.
We will complete the configuration of the new interface by entering the previously configured PSK (shared key). Go to the properties of the interface, and then click the Security tab. Check use a pre-shared key for authentication and enter the value of the key.
On the Options tab, configure the connections to be permanent.
In order to route IP packets, a static route has been added in the IPv4 / Static Routes node of the console. It is necessary to specify the network ID of the virtual network, the network interface and the subnet mask to use.
My LAN being connected to the Internet through a router, I have performed a port forwarding (TCP/UDP 50, UDP 500 and UDP 4500). Subsequently the connection could be initiated from the connection (right click / Connect).
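The RRAS steps above (demand-dial interface, IKEv2, pre-shared key, persistent connection, route to the Azure network) can also be scripted. The following PowerShell is an added example, not part of the original post; the interface name, the gateway IP 203.0.113.10 and the Azure address space 10.1.0.0/16 are placeholder assumptions, and the key it generates must be the same value entered on the Azure connection.

```powershell
# Added example: scripted equivalent of the demand-dial interface steps.
# Run elevated on the RRAS server, after the Routing and Remote Access role
# has been installed and started as described in the post.
Import-Module RemoteAccess

# --- Placeholder values (assumptions, not taken from the post) ---
$AzureGatewayIp = '203.0.113.10'     # public IP of the Azure virtual network gateway
$AzureVnetRoute = '10.1.0.0/16:100'  # Azure address space and route metric (subnet/prefix:metric)
$InterfaceName  = 'AzureS2S'         # hypothetical demand-dial interface name

# Build a letters-and-digits-only PSK from the system CSPRNG.
function New-AlphanumericPsk {
    param([int]$Length = 32)         # 32 characters of 62 symbols is roughly 190 bits
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            # 248 = 4 * 62: discard larger bytes so every character is equally likely
            if ($buf[0] -lt 248) { [void]$sb.Append($alphabet[$buf[0] % 62]) }
        }
    } finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

$psk = New-AlphanumericPsk -Length 32
Write-Output "Shared key (enter the same value on the Azure connection): $psk"

# Demand-dial interface: IKEv2, PSK authentication, persistent connection.
# -IPv4Subnet also creates the static route to the Azure network on this interface.
Add-VpnS2SInterface -Name $InterfaceName -Destination $AzureGatewayIp `
    -Protocol IKEv2 -AuthenticationMethod PSKOnly -SharedSecret $psk `
    -IPv4Subnet @($AzureVnetRoute) -Persistent

# Bring the tunnel up and check its state.
Connect-VpnS2SInterface -Name $InterfaceName
Get-VpnS2SInterface -Name $InterfaceName |
    Select-Object Name, Destination, ConnectionState
```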
Returning to the virtual network gateway in the Azure portal, the connection has changed state. It now has the Connected state.
Data is already being exchanged between the two sites. Click on the connection to get more information.
I have created a virtual machine in Azure using the VMNetwork created earlier, and it is possible from my on-premises 2012 R2 VM to take control (remote desktop) of this virtual machine. Thus, it would be possible to access any other resource using the VMNetwork in Azure.