Configuring an Azure VNet-to-VNet VPN Gateway (v2)

Hands-On Lab

 

Shawn Johnson

Azure Training Architect II in Content

Length

01:30:00

Difficulty

Intermediate

Virtual network gateways enable us to connect our on-premises network to an Azure data center. We can then extend our IT presence into the cloud by integrating Azure resources with our local Active Directory. A VPN gateway is a fast, secure way to start our organization's move to the cloud. In this hands-on lab, we connect one virtual network (VNet) to another in an Azure resource group. We then test connectivity between virtual machines located in each VNet. While this lab is completely contained in Azure, the procedure and concepts can be used for local network-to-Azure connectivity as well. Note: The lab has been updated with pre-deployed Azure virtual network gateways.

Solution

Log in to the Azure Portal with the credentials provided. Click All Resources in the navigation hub menu and become familiar with the provisioned Azure resources.

We will be using RDP to access our Windows virtual machines in this lab. On macOS and Linux workstations, you may need to download an RDP application in order to connect to these virtual machines.

Log in to Azure Portal and Verify Lack of Connectivity Between Virtual Machines

  1. Log in to the Azure Portal using the credentials provided.
  2. Click on the virtual machine named vm-dfw-XXXXX, where XXXXX is a five-character unique lab ID for this lab.
  3. Inside the virtual machine blade, click Connect.
  4. Click Download RDP File.
  5. Open the RDP file to connect to the virtual machine.
  6. Log in to the virtual machine using the following credentials:
    • Username: azureuser
    • Password: LA!2019!Lab1
  7. In the DFW VM, open the Remote Desktop Connection application.
  8. In the Computer field, enter the IP address of the virtual machine in NYC: 10.1.0.4. Verify that we are unable to connect.

Note: Optionally, we can test connectivity from the NYC virtual network by performing the previous steps using the VM in NYC. Log in to the VM in NYC and try to connect to the VM in DFW using its IP: 10.0.0.4.

Create VPN Connections

  1. In the Azure Portal, navigate to All resources.
  2. Click VNG-DFW.
  3. Once in the blade for the gateway, click Connections.
  4. Click + Add. Use the following settings, leaving all other settings at their default values:
    • Name: DFW-NYC
    • Second virtual network gateway: VNG-NYC
    • Shared key (PSK): abc123
  5. Click OK to create the connection.
  6. Click All resources.
  7. Click VNG-NYC.
  8. Once in the blade for the gateway, click Connections.
  9. Click + Add. Use the following settings, leaving all other settings at their default values:
    • Name: NYC-DFW
    • Second virtual network gateway: VNG-DFW
    • Shared key (PSK): abc123
    • IKE Protocol: IKEv2
  10. Click OK to create the connection.

Wait for Connections to Become Connected

Once the connections are created, the status for each connection initializes to Unknown. They will both change to Updating, then Connecting, and finally Connected. Once both connections are Connected, proceed to the next task.

Tip: Switching back and forth between Connections and another topic (such as Configuration) should properly refresh the connection status. Simply hitting "Refresh" doesn't seem to actually do anything.
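The two portal tasks above (creating both connections, then waiting for them to reach Connected) can also be scripted with the Az PowerShell module. This is an added example, not part of the original lab: the resource group name is a placeholder because the page does not give it, and the script substitutes a randomly generated pre-shared key for the lab's short one, as you would outside a lab environment.

```powershell
# Added example, not part of the lab. Assumes the Az.Network module is
# installed and the session is already signed in (Connect-AzAccount).
$ResourceGroup = '<lab-resource-group>'   # placeholder: not named on the page

# Generate a 32-byte random pre-shared key, hex-encoded (64 characters).
$bytes = [byte[]]::new(32)
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$SharedKey = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# The gateways are pre-deployed in the lab; look them up by name.
$dfw = Get-AzVirtualNetworkGateway -Name 'VNG-DFW' -ResourceGroupName $ResourceGroup
$nyc = Get-AzVirtualNetworkGateway -Name 'VNG-NYC' -ResourceGroupName $ResourceGroup

# One connection per direction; both sides must carry the same key.
$connections = @(
    @{ Name = 'DFW-NYC'; Local = $dfw; Remote = $nyc },
    @{ Name = 'NYC-DFW'; Local = $nyc; Remote = $dfw }
)
foreach ($c in $connections) {
    New-AzVirtualNetworkGatewayConnection -Name $c.Name `
        -ResourceGroupName $ResourceGroup `
        -Location $c.Local.Location `
        -VirtualNetworkGateway1 $c.Local `
        -VirtualNetworkGateway2 $c.Remote `
        -ConnectionType Vnet2Vnet `
        -ConnectionProtocol IKEv2 `
        -SharedKey $SharedKey | Out-Null
}

# Poll each connection by name until both report Connected (15-minute limit).
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 30
    $status = foreach ($c in $connections) {
        $conn = Get-AzVirtualNetworkGatewayConnection -Name $c.Name -ResourceGroupName $ResourceGroup
        [pscustomobject]@{ Name = $conn.Name; Status = $conn.ConnectionStatus }
    }
    $status | Format-Table -AutoSize
    $pending = @($status | Where-Object Status -ne 'Connected')
} while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline)

if ($pending.Count -gt 0) { throw "Not connected: $($pending.Name -join ', ')" }
```

The key is held only in the `$SharedKey` variable for the session; a mismatch between the two connections leaves both stuck short of Connected, which the final check surfaces.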

Verify Connectivity Between Virtual Machines

  1. In the DFW VM, open Remote Desktop Connection.
  2. Attempt to connect to 10.1.0.4. Verify that we are now able to connect.
  3. Use the same login credentials we used to log in to the virtual machine:
    • Username: azureuser
    • Password: LA!2019!Lab1
  4. In the dialog asking us to verify the certificate, click Yes. We should then be logged in to the NYC VM.

Note: Optionally, in the NYC VM, we can open Remote Desktop Connection again, attempt to connect to 10.0.0.4, and verify we are now able to connect.

Conclusion

Congratulations on successfully completing this hands-on lab!