Some time ago, I wrote a post showing how to deploy an Azure VPN S2S (site to site) from scratch. But this time, I will use the new PowerShell Az module and show you how to deploy it in an existing Azure virtual network.

Requirements: This tutorial assumes that you already have a Microsoft Azure account set up and you have the PowerShell Azure module on your machine installed. If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line with the Az module's sign-in cmdlet, Connect-AzAccount.

This cmdlet will bring up a dialog box prompting you for the email address and password associated with your Azure account.

If you have more than one subscription associated with your email account, you can choose the default subscription. To perform this task, we will use the following commands:

Once you set your default subscription, you’re ready to start.
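As an added example (not the post's own code), the sign-in and subscription selection described above, followed by a check that the session really is pinned to the intended subscription. The subscription name is a placeholder.

```powershell
# Added example: interactive sign-in, then pin the session to one subscription
# so every later cmdlet targets the intended one. '<your-subscription-name>'
# is a placeholder.

# Opens the interactive sign-in flow for the Az module.
Connect-AzAccount

# List every subscription the signed-in identity can see, with its tenant.
Get-AzSubscription | Format-Table Name, Id, TenantId, State

# Pin the context to the subscription you want to deploy into.
$subscriptionName = '<your-subscription-name>'
Set-AzContext -Subscription $subscriptionName | Out-Null

# Verify before touching any resources: a wrong context means the gateway
# (and its public IP) lands in the wrong subscription.
$ctx = Get-AzContext
if ($ctx.Subscription.Name -ne $subscriptionName) {
    throw "Expected context '$subscriptionName' but got '$($ctx.Subscription.Name)'"
}
"Signed in as $($ctx.Account.Id) on subscription $($ctx.Subscription.Name)"
```

Set-AzContext accepts either the subscription name or its ID; the explicit Get-AzContext comparison is there because a silently wrong default subscription is the most common way a lab gateway ends up billed to the wrong place.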

Set the variables

Here, we define the characteristics of our environment and the properties of the connection.

Resource Deployment

In this section, we deploy the Azure resources. Once we know the public IP assigned to the Azure VPN Gateway, we can finish the configuration of our on-premises VPN device.

Add a dedicated subnet in the existing VNET

You should create a new subnet in your network configuration, and it must be called “GatewaySubnet”. To do this, use the Add-AzVirtualNetworkSubnetConfig cmdlet with the following syntax.


Create a local network gateway for your on-premises gateway

Then, you should create a Local Network Gateway using the public IP address of your VPN device, as well as the address prefix of your local network. To do this, use the New-AzLocalNetworkGateway cmdlet with the following syntax.


Request a Public IP address

A critical resource of a VPN gateway is a public IP address. To create this resource, use the New-AzPublicIpAddress cmdlet with the following syntax.

Deploy an Azure VPN Gateway

Once the public IP is created, you should first build the IP configuration using the New-AzVirtualNetworkGatewayIpConfig cmdlet and then create the Azure VPN Gateway using the New-AzVirtualNetworkGateway cmdlet with the following syntax.


Create the Site-to-Site connection

In this step, you have already configured your VPN device using the public IP of the Azure VPN Gateway and the shared key. To create a connection between the Azure VPN Gateway and your on-premises VPN device, use the New-AzVirtualNetworkGatewayConnection cmdlet with the following syntax.


Verify the VPN connection

Finally, you can check the status of your connection using the following command.
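The whole deployment from "Set the variables" through "Verify the VPN connection", as one added example script that is not the post's own code. Every name, address range and the on-premises public IP are placeholders for a lab; it assumes an existing VNet and an Az session already pinned to the right subscription, and it assumes a Standard-SKU static public IP for the gateway.

```powershell
# Added example (not the post's own code). All names, address ranges and the
# on-premises public IP below are placeholders; replace them with your own.
# Assumes an existing VNet and an Az session already set to the right subscription.

$ErrorActionPreference = 'Stop'

# --- Variables ---------------------------------------------------------------
$rgName         = 'rg-network-lab'        # resource group holding the VNet
$location       = 'westeurope'
$vnetName       = 'vnet-lab'              # existing VNet
$gwSubnetCidr   = '10.10.255.0/27'        # inside the VNet space; /27 or larger
$lngName        = 'lng-onprem'
$onPremPublicIp = '203.0.113.10'          # placeholder from the documentation range
$onPremPrefixes = @('192.168.0.0/24')     # on-premises address space(s)
$pipName        = 'pip-vpngw-lab'
$gwName         = 'vpngw-lab'
$gwSku          = 'VpnGw1'
$connName       = 'cn-lab-to-onprem'

# Pre-shared key: prompt for it rather than hard-coding it in a script that may
# end up in source control, and refuse obviously short values.
$pskSecure = Read-Host -Prompt 'IPsec pre-shared key' -AsSecureString
$psk = [System.Net.NetworkCredential]::new('', $pskSecure).Password
if ($psk.Length -lt 20) { throw 'Use a long, random pre-shared key (20+ characters).' }

# --- 1. Dedicated subnet in the existing VNet --------------------------------
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
if (-not ($vnet.Subnets | Where-Object Name -eq 'GatewaySubnet')) {
    # The name is fixed: the gateway only deploys into a subnet called GatewaySubnet.
    Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix $gwSubnetCidr `
        -VirtualNetwork $vnet | Out-Null
    $vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
}
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet

# --- 2. Local network gateway (represents the on-premises device) ------------
$lng = New-AzLocalNetworkGateway -Name $lngName -ResourceGroupName $rgName -Location $location `
    -GatewayIpAddress $onPremPublicIp -AddressPrefix $onPremPrefixes

# --- 3. Public IP for the Azure side -----------------------------------------
# Assumption: a Standard-SKU static address, which current VpnGw SKUs accept.
$pip = New-AzPublicIpAddress -Name $pipName -ResourceGroupName $rgName -Location $location `
    -AllocationMethod Static -Sku Standard

# --- 4. Gateway IP configuration and the VPN gateway itself ------------------
$gwIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig' `
    -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id

# Gateway creation typically takes tens of minutes.
$gw = New-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rgName -Location $location `
    -IpConfigurations $gwIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku $gwSku

# This is the address the on-premises device must peer with.
$azurePublicIp = (Get-AzPublicIpAddress -Name $pipName -ResourceGroupName $rgName).IpAddress
"Configure the on-premises device to peer with $azurePublicIp"

# --- 5. Site-to-site connection ----------------------------------------------
New-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rgName -Location $location `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng -ConnectionType IPsec -SharedKey $psk | Out-Null

# --- 6. Verify ---------------------------------------------------------------
# ConnectionStatus moves from Unknown/NotConnected to Connected once both sides negotiate.
Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rgName |
    Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```

The script is idempotent only for the GatewaySubnet step; rerunning it after a partial failure will fail on the resources that already exist, which is the safer behaviour for a gateway that costs money while it runs. The byte counters in the final step are a quick way to tell a connection that shows Connected but carries no traffic (a routing or on-premises firewall problem) from one that never negotiated at all (a shared key or address-prefix mismatch).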

Thanks for reading my post. I hope you find it useful.

If you want to know more about Azure VPN Gateway, check out this link.