Quick n Easy – VNet-to-VNet VPN from new Azure Portal using GUI

6-CreateVNETGateway

All from the new Azure portal now! No powershell required!

Finally, its here, you can now easily create VNet-to-VNet and/or Site-to-Site VPN in GUI mode without using Powershell or visual studio.

Here is the step by step proccess followed to create a VPN connection between 2 Azure VNets:

  1.  Create a Resource Group that will contain the first VNet. It will contain the VNet that represents our New Delhi preoduction subnet:1-DelRG
  2. Next, click New -> Networking -> Virtual Network to create a new VNet:2-NewNetworkingVirtualNetwork
  3. Select Resource Manager as the deployment model and click Create:3-ResMgrCreate
  4. Fill in the details for the VNet including Name, Address Space, subnet address range and select the resource group created in the earlier step and click Create:4-FillDetails
  5. Makes sure the VNet deployment succeeds:5-DeploymentSucceeds
  6. On the Subnets tab of the VNet Settings click Add to add a ‘GatewaySubnet‘.5a-AddGatewaySubnetNote: The name of this subnet must be ‘GatewaySubnet‘ and the address range must not be larger than /16 or smaller than /29.
  7. Make sure the GaewaySubnet is created successfully:5b-gateSubnetCreated
  8. Next, click New -> Networking -> Virtual Network Gateway to add a virtual network gateway to the VNet (DelVNET) created above:6-CreateVNETGateway
  9. Provide the details om the Create virtual network gateway tab and choose the VNet created above to attach it to the VNet:7-SelectYourVNETNote: The VNet name will appear greyed out if the GatewaySubnet has not been created as required in the previous step.
  10. Choose to create a new Public IP or attach an existing if created earlier:8-NewPubIP
  11. Keep the slection of VPN Type as Route-based as this is the type that supports VNET-to-VNET VPN connections:9-SelectRouteBased
  12. Select the Resource Group created earlier for the first VNet and click Create:10-SelectExistingRGCreate                                            Note: It takes around 30-32 mins for the successful creation of the VNet gateway.
  13. After the successful deployment of the virtual network gateway, go to VNet Gateway Properties and make a note of the PUBLIC IP ADDRESS allocated to this VNet Gateway:10a-GatewayCreatedin30mins
  14. Go to the Connections tab and notice that there are no connections added to this VNet at this stage:10b-NoConnections
  15. Now, follow the similar steps to create the second Azure Virtual Network. Create a new Resource Group for VNet2 (LondonResGrp in this example):11-CreateLondonRG
  16. Create a new Virtual Network in this resource group. Provide the virtual network  details and click Create:                    12-CreateLondinVNET
  17. Once created successfully, add the ‘GatewaySubnet‘ to this virtual network as done for the first VNet:13-AddGatewaySub
  18. Make sure the GatewaySubnet is created successfully:14-CreatedSuccessfully
  19. Next, create a new Virtual Network gateway to associate it with the new VNet just created (LonVNET in this example) :15-AddVNETGatewaySelectLonVNET
  20. Choose to create a new Public IP or add existing:16-AddPubIP
  21. Choose to add it to the existing resource group created already for LondonVNET and click Create:                                     17-MakeAptSelection
  22. Once the Virtual network gateway is successfully created, make a note of its PUBLIC IP ADDRESS from the virtual network gateway properties:17a-GaewayCreatedin30mins
  23. On the Connections tab, notice that there are no connections added at this stage:17b-Noconnections
  24. On the Connection Pane click Add. Provide the details including connection Name, type (leave default VNET-to-VNET) and the Second virtual network gateway to which the connection will be initiated (DelVNETGateway in this example):19-AddConnection
  25. Type a preshared key (the same key will be used later while making connection from VNet 1 to VNet2), select the LonResGrp and click OK:20-TypeNewPSK
  26. Notice that the connection status is still shown as Not Connected:21-ConnCreated-Notconnected
  27. Repeat the above 2 steps to Add a connection to the DelVNETGateway (VNet 1) created earlier and initiate a connection to the LonVNETGateway (VNet 2) with the same preshared key:22-AddConnectionToDelWithSamePSK
  28. Once both the connections are created the connection status is shown as Connected in a few mins and the Bytes In and Bytes Out values can be read from the details pane of each connection:23-PSKSame
  29. Here is a snip from Lon-ProdVM1 that resides in the LondonVNET. The WindowsAzure folder in the C drive has been Shared with everyone for Read access:24-VerifyLonProdVM1
  30. To verify the cross-VNET connectivity, here is a snip of Del-ProdVM1 residing in the DelhiVNET. The share on \\10.12.1.4 (Lon-ProdVM1) can noow be accessed directly within the same network:25-FromDel-ProdVM1

 

Cheers!

4 thoughts on “Quick n Easy – VNet-to-VNet VPN from new Azure Portal using GUI”

  1. Can you create the same VNET to VNET connections across different subscriptions using the Azure Resource Manager portal only? My issue is that I can’t see the virtual network gateway for the opposite subscription with the portal view.

  2. Very cool. It works. Can you do another one for Site-to-site for on premise? I still do not see the same GUI look and feel as the old portal for this. It is a shame MS is taking so long. All of this ARM stuff should have been done 3 years ago

  3. Hi all,

    I’ve set up the following scenario in Azure Resource Manager (ARM) within the same subscription:

    1. I’ve created x3 vNets:

    • WebAppvNet: 10.1.0.0/16 – WebAppSubnet: 10.1.1.0/24 – GatewaySubnet: 10.1.2.0/24 (I know it could be smaller but it’s far from the /16 limit). The WebAppSubnet has a Web App deployed to it in order to control inbound traffic from the Internet with NSG. As part of this configuration process, the GatewaySubnet and the point to site VPN were created as well.
    • vNet01: 10.2.0.0/16 – Subnet01: 10.2.0.0/24 – GatewaySubnet: 10.2.1.0/24
    • vNet02: 10.3.0.0/16 – Subnet01: 10.3.1.0/24 – GatewaySubnet: 10.3.0.0/24

    2. x3 vNet gateways:

    • WebAppvNet-gateway – vNet01-GW connection
    • vNet01-GW – WebAppvNet-gateway – vNet02-GW connections
    • vNet02-GW – vNet01-GW connection

    3. All resources are hosted in the same Resource Group.
    4. Gateway configuration was set to default:

    • Gateway type: VPN
    • VPN type: Route-based (since policy-based don’t support vNet-vNet VPNs)

    5. All the vNet, subnet, gateway subnet and vNet gateways were created successfully.
    6. However, under vNet Gateways – Status these show up as Succeeded & sometimes it changes to Not Connected.
    7. I deployed a couple of VMs to vNet01 & vNet02 and effectively these cannot ping each other.
    8. There’s no NSG between vNets yet.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s