Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

How to create a VPN S2S in Microsoft Azure

·578 words·3 mins· 100 views · 5 likes ·
Get-AzureRmLocalNetworkGateway Get-AzureRmVirtualNetworkGateway Get-AzureRmVirtualNetworkGatewayConnection Microsoft

This quick blog post, shows, how to use Azure PowerShell to deploy a site-to-site VPN Gateway between Azure and On-Premise. Requirements: This tutorial assumes that you already have a Microsoft Azure account set up and you have the PowerShell Azure module on your machine installed. If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.

Login-AzureRmAccount

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Get-AzureRmSubscription
Select-AzureRmSubscription -Subscription "My Subscription"

Once you set your default subscription, you’re ready to start.

Set the variables>

Set the variables #

Here, we define the characteristics of our environment and connection properties.

#Resource Group
$ResourceGroupName = 'RG-PROD'
$Location = 'westeurope'

#Virtual Network
$VirtualNetworkName = 'AZ-VNET'
$VirtualNetworkAddressPrefix = '192.168.0.0/16'

#Subnets
$GatewaySubnetName = 'GatewaySubnet'
$GatewayAdressPrefix = '192.168.0.0/27'

$VMSubnetName = 'VMs-Subnet'
$VMAdressPrefix = '192.168.11.0/24'

#Public IP Address
$PublicIPGatewayName = 'AZ-VNG-PIP'
$IpAllocation = 'Dynamic'   #Dynamic,Static

#Local Network Gateway
$LocalNetworkGatewayName = 'GW-Local'
$PublicIpLNG = '0.0.0.0' #the IP address of your on-premises VPN device
$PrivatePrefixLNG = '172.16.1.0/24' #The $PrivatePrefixLNG is your on-premises address space

#Virtual Network Gateway
$AzureVirtualGatewayName = 'GW-AZ'
$GatewayType = 'vpn'   #Vpn, ExpressRoute
$VpnType =   'RouteBased' #PolicyBased, RouteBased
$GatewaySku = 'Basic' #Basic, Standard, HighPerformance, UltraPerformance
#VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ

#Gateway Connection properties
$GatewayConnectionName = 'AZ-Local'
$SharedKey = 'T5jE0nWR7SWQwqcyTErr' #The value here must match the value that you are using for your VPN device
$ConnectionType = 'IPSec' #IPsec, Vnet2Vnet, ExpressRoute, VPNClient
$RoutingWeight = '10' #Default value 10 (optional)
Resource Deployment>

Resource Deployment #

In this section, we deploy Azure resources. Once we know the public IP assigned to Azure Gateway, we can finish the configuration of our VPN device.

#Create a resource group
New-AzureRmResourceGroup `
    -Name $ResourceGroupName `
    -Location $Location

#Creates the configuration of the virtual network subnets
$subnetGateway = New-AzureRmVirtualNetworkSubnetConfig `
    -Name $GatewaySubnetName `
    -AddressPrefix $GatewayAdressPrefix

$subnetVM = New-AzureRmVirtualNetworkSubnetConfig `
    -Name $VMSubnetName `
    -AddressPrefix $VMAdressPrefix


#Create the Virtual Network
New-AzureRmVirtualNetwork `
    -Name $VirtualNetworkName `
    -ResourceGroupName $ResourceGroupName `
    -Location $Location `
    -AddressPrefix $VirtualNetworkAddressPrefix `
    -Subnet $subnetGateway, $subnetVM


#Create the local network gateway
New-AzureRmLocalNetworkGateway `
    -Name $LocalNetworkGatewayName `
    -ResourceGroupName $ResourceGroupName `
    -Location $Location `
    -GatewayIpAddress $PublicIpLNG `
    -AddressPrefix $PrivatePrefixLNG


#Request a Public IP address
$gatewaypip= New-AzureRmPublicIpAddress `
    -Name $PublicIPGatewayName `
    -ResourceGroupName $ResourceGroupName `
    -Location $Location `
    -AllocationMethod $IpAllocation


#Create the gateway IP addressing configuration
$vnet = Get-AzureRmVirtualNetwork `
    -Name $VirtualNetworkName `
    -ResourceGroupName $ResourceGroupName

$subnet = Get-AzureRmVirtualNetworkSubnetConfig `
    -Name $GatewaySubnetName `
    -VirtualNetwork $vnet

$gatewayipconfig = New-AzureRmVirtualNetworkGatewayIpConfig `
    -Name gwipconfig1 `
    -SubnetId $subnet.Id `
    -PublicIpAddressId $gatewaypip.Id


#Create the VPN gateway
New-AzureRmVirtualNetworkGateway `
    -Name $AzureVirtualGatewayName `
    -ResourceGroupName $ResourceGroupName `
    -Location $Location `
    -IpConfigurations $gatewayipconfig `
    -GatewayType $GatewayType `
    -VpnType $VpnType `
    -GatewaySku $GatewaySku

#Create the VPN connection
$gateway1 = Get-AzureRmVirtualNetworkGateway `
    -Name $AzureVirtualGatewayName `
    -ResourceGroupName $ResourceGroupName


$local = Get-AzureRmLocalNetworkGateway `
    -Name $LocalNetworkGatewayName `
    -ResourceGroupName $ResourceGroupName

New-AzureRmVirtualNetworkGatewayConnection `
    -Name $GatewayConnectionName `
    -ResourceGroupName $ResourceGroupName `
    -Location $Location `
    -VirtualNetworkGateway1 $gateway1 `
    -LocalNetworkGateway2 $local `
    -ConnectionType $ConnectionType `
    -RoutingWeight $RoutingWeight `
    -SharedKey $SharedKey
Verify the VPN connection>

Verify the VPN connection #

We can check the status of our connection using the following command.

Get-AzureRmVirtualNetworkGatewayConnection `
    -Name $GatewayConnectionName `
    -ResourceGroupName $ResourceGroupName

VPN S2S in Microsoft Azure
If you want to know more about Azure VPN Gateway, check out this link.