You have already seen the steps involved in creating a virtual network to virtual network connection. In the case of an S2S connection, you also need to configure the on-premises VPN device. Azure administrators create the necessary resources in Azure, including a local network gateway that represents the on-premises site; the on-premises network administrators are then responsible for configuring the on-premises VPN device to match. Once both sides are configured, you can create the VPN connection. Figure 4.11 gives a high-level overview of the steps involved in creating an S2S connection.

FIGURE 4.11 Steps to configure S2S
In the steps shown in Figure 4.11, you have already seen the relevance of the initial stages: creating virtual networks and subnets, specifying the DNS server, creating the gateway subnet, and creating the VPN gateway. There is one new stage here: creating a local network gateway. Since you are already acquainted with the initial steps, let's go ahead and look at the new steps involved in an S2S connection.
The local network gateway refers to the on-premises location. You create a reference resource called a local network gateway in Azure to represent your on-premises site. While creating the local network gateway, you specify the address prefixes used in the on-premises network; these are the destination ranges that the Azure VPN gateway will route through the tunnel, so they must not overlap with the address space of the virtual network. You can search for local network gateways in the Azure portal, as shown in Figure 4.12.

FIGURE 4.12 Navigating to the local network gateway
When you create the local network gateway, you need to provide the inputs shown in Figure 4.13. You can use either a public IP address or an FQDN to specify your on-premises VPN device; the Azure VPN gateway establishes the IPsec tunnel to this address, so it must be reachable from the Internet. Other than the IP address (or FQDN) and the address prefixes, you will be asked to choose the subscription, resource group, and location for the resource.
Once the local network gateway is created, Azure knows the IP address or FQDN of your on-premises device. Now it's time to configure the on-premises device with the public IP address of the Azure VPN gateway. There is a set of VPN devices that Microsoft has validated with the Azure VPN gateway. Many well-known vendors, such as Cisco, Juniper, Barracuda Networks, and Ubiquiti, have partnered with Microsoft and contributed to the list of validated devices. Other devices may still work even though they are not on the list; in that case, contact the manufacturer for support and configuration guidance.

FIGURE 4.13 Creating a local network gateway
To configure the on-premises device, you need the following:
- Shared key: The pre-shared key that you enter when you create the site-to-site connection in the VPN gateway. The on-premises device must be configured with exactly the same key, or IKE negotiation will fail.
- Public IP of the VPN gateway: The public IP address of the VPN gateway created in Azure.
- Address space of the virtual network: The on-premises device needs the Azure address prefixes so that it knows which traffic to send into the tunnel.
With these details, you will be able to set up your on-premises device. At this point, you have created the local network gateway in Azure to let the Azure VPN gateway know the address of your on-premises environment and the prefixes behind it. Similarly, in your on-premises environment, you have configured the shared key and the public IP address of your Azure VPN gateway. Since both gateways now know about each other, the only thing remaining is to create the connection between them. This is the last stage of establishing a site-to-site connection.
As you did in the case of virtual network to virtual network connectivity, you need to navigate to the Connections blade of the VPN gateway to configure the S2S connection. The key difference is that instead of choosing the connection type Virtual network to virtual network, you choose Site-to-site (IPsec). After that, you select the local network gateway and provide the shared key, as shown in Figure 4.14. Once you confirm all the details, click OK, and the connection will be initiated. If the on-premises configuration is correct, the connection status changes to Connected after a couple of minutes; if it stays at Not connected, the usual causes are a mismatched shared key, a wrong public IP address on either side, or address prefixes that do not match what the on-premises device expects.
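The portal steps above come down to a handful of inputs that have to agree on both ends: the on-premises address prefixes, the public address of the on-premises device, and the shared key. The following is an added example, not code from the book, that checks those inputs before anything is created (prefixes that overlap the VNet address space, a device address that is not a public IPv4 address or FQDN, a key that the two sides do not agree on) and then prints the Azure CLI commands that correspond to creating the local network gateway and the site-to-site connection. All resource names, addresses, and the key are constructed sample values; the 1–128 printable ASCII limit for the key is the Azure constraint as documented, and rejecting whitespace in it is a conservative choice of this example.

```python
import hmac
import ipaddress
import re
import shlex
import string

# Constructed sample inputs (hypothetical resource names and addresses).
RESOURCE_GROUP = "rg-hybrid"
LOCATION = "eastus"
VPN_GATEWAY = "vgw-hub"               # Azure VPN gateway created in an earlier step
LOCAL_GATEWAY = "lgw-hq"              # local network gateway to create (the on-prem site)
CONNECTION = "cn-hq-to-azure"
VNET_ADDRESS_SPACE = ["10.1.0.0/16"]  # address space of the Azure virtual network
ONPREM_PREFIXES = ["192.168.10.0/24", "192.168.20.0/24"]
ONPREM_DEVICE = "203.0.113.10"        # public IP (or FQDN) of the on-premises VPN device
SHARED_KEY = "Pr3Shared-Key-For-Lab-Use-0nly"

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FQDN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def parse_prefixes(prefixes):
    """Parse CIDR strings; strict=True rejects e.g. 192.168.10.5/24 (host bits set)."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def overlapping_prefixes(vnet_prefixes, onprem_prefixes):
    """Return (vnet, onprem) pairs whose ranges overlap. Overlap breaks routing:
    a destination cannot be both local to the VNet and behind the tunnel."""
    vnet, onprem = parse_prefixes(vnet_prefixes), parse_prefixes(onprem_prefixes)
    return [(str(a), str(b)) for a in vnet for b in onprem if a.overlaps(b)]


def classify_device_address(addr):
    """Return 'ip' for a usable public IPv4 address or 'fqdn' for a hostname.
    The Azure gateway must reach this address over the Internet, so RFC 1918,
    loopback, link-local and multicast addresses are rejected."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        if FQDN_RE.match(addr):
            return "fqdn"
        raise ValueError(f"{addr!r} is neither an IP address nor an FQDN")
    if ip.version != 4:
        raise ValueError("use an IPv4 address for the on-premises VPN device")
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified
            or any(ip in n for n in RFC1918)):
        raise ValueError(f"{addr} is not a public address reachable from Azure")
    return "ip"


def check_shared_key(key):
    """1 to 128 printable ASCII characters; whitespace is rejected here as a
    conservative choice so the key survives copy/paste into the device CLI."""
    allowed = set(string.ascii_letters + string.digits + string.punctuation)
    if not 1 <= len(key) <= 128:
        raise ValueError("shared key must be 1 to 128 characters")
    if not set(key) <= allowed:
        raise ValueError("shared key must be printable ASCII without whitespace")
    return True


def keys_match(azure_key, onprem_key):
    """Constant-time comparison of the key entered in Azure and on the device."""
    return hmac.compare_digest(azure_key.encode(), onprem_key.encode())


def preflight(vnet_prefixes, onprem_prefixes, device, azure_key, onprem_key):
    """Collect every problem found; an empty list means the inputs are consistent."""
    problems = []
    try:
        for a, b in overlapping_prefixes(vnet_prefixes, onprem_prefixes):
            problems.append(f"on-premises prefix {b} overlaps VNet address space {a}")
    except ValueError as e:
        problems.append(f"bad address prefix: {e}")
    for check in (lambda: classify_device_address(device), lambda: check_shared_key(azure_key)):
        try:
            check()
        except ValueError as e:
            problems.append(str(e))
    if not keys_match(azure_key, onprem_key):
        problems.append("shared key on the on-premises device differs from the Azure connection")
    return problems


def build_az_commands(rg, location, vpn_gw, local_gw, connection, device, onprem_prefixes, key):
    """Azure CLI equivalents of the portal steps: create the local network gateway
    (the reference to the on-premises site), then the site-to-site (IPsec) connection.
    Covers the IP-address form of the device address only."""
    if classify_device_address(device) != "ip":
        raise ValueError("this builder covers the IP-address form only")
    return [
        f"az network local-gateway create -g {rg} -n {local_gw} -l {location} "
        f"--gateway-ip-address {device} --local-address-prefixes {' '.join(onprem_prefixes)}",
        f"az network vpn-connection create -g {rg} -n {connection} -l {location} "
        f"--vnet-gateway1 {vpn_gw} --local-gateway2 {local_gw} --shared-key {shlex.quote(key)}",
    ]


if __name__ == "__main__":
    issues = preflight(VNET_ADDRESS_SPACE, ONPREM_PREFIXES, ONPREM_DEVICE, SHARED_KEY, SHARED_KEY)
    for issue in issues:
        print("PROBLEM:", issue)
    if issues:
        raise SystemExit(1)
    print("inputs look consistent; commands to run:")
    for cmd in build_az_commands(RESOURCE_GROUP, LOCATION, VPN_GATEWAY, LOCAL_GATEWAY,
                                 CONNECTION, ONPREM_DEVICE, ONPREM_PREFIXES, SHARED_KEY):
        print(" ", cmd)
```

Run it with the on-premises administrator's copy of the key passed as the last argument to `preflight` to catch a key mismatch before the connection sits at Not connected; the overlap check is the one that most often explains a tunnel that comes up but carries no traffic.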
If you know how to create a virtual network to virtual network connection, you can easily establish an S2S connection. The difference is that in a virtual network to virtual network connection both ends are virtual networks, whereas in S2S one end is on-premises. To reference the on-premises site, you create a local network gateway in Azure. Then you create a site-to-site connection in Azure that references the local network gateway. The remaining step is to configure your on-premises device with the same shared key and the public IP address of the Azure VPN gateway.

FIGURE 4.14 Creating a site-to-site connection