
Configuring an Azure VNet-to-VNet VPN Gateway

Hands-On Lab

 


Shawn Johnson

Azure Training Architect II in Content

Length

01:30:00

Difficulty

Intermediate

Virtual network gateways enable us to connect our on-premises network to an Azure datacenter. We can then extend our IT presence into the cloud by integrating Azure resources with our local Active Directory. A VPN gateway is a fast, secure way to start our organization's move to the cloud. In this hands-on lab, we connect one virtual network (VNet) to another in an Azure resource group. We then test connectivity between virtual machines located in each VNet. While this lab is completely contained in Azure, the procedure and concepts can be used for local network-to-Azure connectivity as well.

Note: The specific region is no longer critical in this lab. A new version of this lab is coming soon. Instead of S West US, West US is provisioned in the lab.



Solution

  1. Log in to the Azure Portal using the credentials provided on the lab instructions page.

  2. Click All resources and verify the resources available for the lab.

Log On to the Virtual Machine in DFW

  1. Click the link for the DFW virtual machine. It will begin with vm-dfw-.

  2. Click Connect at the top of the virtual machine window.

  3. Click Download RDP File.

  4. Open Microsoft Remote Desktop.

  5. Inside Microsoft Remote Desktop, select the Import Desktops... option from the menu bar in the Preferences menu.

  6. Select the RDP file downloaded in a previous step.

  7. Click the vm-dfw- desktop and select Edit.

  8. Uncheck the Connect to admin session option.

  9. Click the Display tab and uncheck the Start session in full screen option.

  10. Under Resolution, select a resolution suitable for your monitor configuration.

  11. Click Save.

  12. Click the vm-dfw- desktop and connect to it.

  13. Use the username azureuser and the password LA!2018!Lab to connect to the desktop.

  14. Click Continue on the warning dialog that appears.

Verify Lack of Connectivity to the Virtual Machine in NYC

  1. In the DFW VM, click the Start Menu.

  2. Launch Remote Desktop.

  3. In the Computer: field, enter "10.1.0.4".

  4. Click Connect.

  5. Verify the connection cannot be established.

  6. Click OK to close the error dialog.

Create Two Virtual Network Gateways

  1. In the Azure Portal, click New from the left-hand menu.

  2. Click Networking from the list under Azure Marketplace.

  3. Click Virtual network gateway on the right-hand side or use search.

  4. Under Location, select South Central US from the combo box.

  5. Under Name, enter "VNG-DFW".

  6. Under SKU, select Basic from the combo box.

  7. Click Choose a virtual network and select the DFW VNet.

  8. Under Public IP, select Use existing. Make sure it selects the second DFW public IP address.

  9. Click Create.

  10. Once the deployment is in progress, repeat steps 1 through 9 above. However, this time use a Location of East US, a Name of "VNG-NYC", choose the NYC VNet for the virtual network, and make sure the Public IP is set to the second NYC public IP address.

  11. Click the Notifications icon (the bell) at the top of the window and wait until the notifications indicate both deployments succeeded.

Create a VPN Connection on VNG-DFW

  1. Close the notifications in the Azure Portal.

  2. Click All resources from the left-hand menu.

  3. Click VNG-DFW.

  4. Under Settings, click Connections.

  5. Click + Add.

  6. Under Name, enter "DFW-NYC".

  7. Click the Second virtual network gateway box and select VNG-NYC.

  8. Under Shared key (PSK), enter "abc123".

  9. Click OK.

Create a VPN Connection on VNG-NYC

  1. Click All resources from the left-hand menu.

  2. Click VNG-NYC.

  3. Under Settings, click Connections.

  4. Click + Add.

  5. Under Name, enter "NYC-DFW".

  6. Click the Second virtual network gateway box and select VNG-DFW.

  7. Under Shared key (PSK), enter "abc123".

  8. Click OK.

  9. Click the Notifications icon (the bell) at the top of the window and wait until the notifications indicate both connections have been created.

  10. Close the Notifications window and wait until both connections have a status of Connected.
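The shared key "abc123" used in the two connection sections above is a lab value. The following is an added example, not part of the original lab, that creates the same DFW-NYC and NYC-DFW connections from the Azure CLI with a randomly generated key. The resource group name is a placeholder, the region names are inferred from the locations chosen for the gateways, and the 32-character minimum is a threshold chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: scripted equivalent of the two "Create a VPN Connection" sections,
# using a random pre-shared key instead of the lab value.
# RG is a placeholder (assumption); gateway and connection names come from the lab steps.
RG="${RG:-<lab-resource-group>}"

# 32 bytes from the kernel CSPRNG, hex-encoded: 64 characters, 256 bits of entropy.
gen_psk() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Succeeds (exit 0) when the key is shorter than 32 characters.
# The threshold is this example's choice, not a limit enforced by Azure.
psk_is_weak() {
  [ "${#1}" -lt 32 ]
}

# Create both directions with the identical key; a mismatch between the two
# connections keeps the tunnel from reaching the Connected status.
create_pair() {
  psk="$1"
  if psk_is_weak "$psk"; then
    echo "refusing pre-shared key shorter than 32 characters" >&2
    return 1
  fi
  az network vpn-connection create -g "$RG" -n DFW-NYC -l southcentralus \
    --vnet-gateway1 VNG-DFW --vnet-gateway2 VNG-NYC --shared-key "$psk" &&
  az network vpn-connection create -g "$RG" -n NYC-DFW -l eastus \
    --vnet-gateway1 VNG-NYC --vnet-gateway2 VNG-DFW --shared-key "$psk"
}

# Prints the connection status for one connection name, e.g. "Connected".
connection_status() {
  az network vpn-connection show -g "$RG" -n "$1" \
    --query connectionStatus -o tsv
}

# Usage (requires an authenticated az session):
#   create_pair "$(gen_psk)"
#   connection_status DFW-NYC
#   connection_status NYC-DFW
```

Generating the key inside the command substitution keeps it out of shell history, although it is still visible in the process arguments of `az` while the command runs.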

Verify Connectivity to Virtual Machine in NYC

  1. Navigate back to the DFW VM.

  2. In the Remote Desktop Connection window, enter "10.1.0.4" in the Computer: field.

  3. Click Connect.

  4. Log in using the username azureuser and the password LA!2018!Lab.

  5. Click OK.

  6. Accept the certificate warning.

  7. Verify that you connected to the NYC VM.

Conclusion

Congratulations — you've completed this hands-on lab!