Configuring an Azure VNet-to-VNet VPN Gateway (v2)

1.5 hours
  • 5 Learning Objectives

About this Hands-on Lab

Virtual network gateways enable us to connect our on-premises network to an Azure data center. We can then extend our IT presence into the cloud by integrating Azure resources with our local Active Directory. A VPN gateway is a fast, secure way to start our organization’s move to the cloud. In this hands-on lab, we connect one virtual network (VNet) to another in an Azure resource group. We then test connectivity between virtual machines located in each VNet. While this lab is completely contained in Azure, the procedure and concepts can be used for local network-to-Azure connectivity as well. **Note:** *The lab has been updated with pre-deployed Azure virtual network gateways.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Log in to Azure Portal and Verify Lack of Connectivity Between Virtual Machines

Log in to the Azure Portal with the credentials provided. Click All Resources in the navigation hub menu and become familiar with the provisioned Azure resources. These include the following:

  • Two Azure virtual networks and network security groups allowing RDP access to virtual machines.
  • Two Windows Server 2019 virtual machines along with supporting components (NICs, public IPs, disks, etc.)
  • Two virtual network gateways, along with corresponding public IP addresses.

Download the RDP File

Click on the virtual machine named vm-dfw-XXXXX, where XXXXX is a five-character unique lab ID for this lab. Inside the virtual machine blade, click the Connect button to download an RDP file for connecting to the virtual machine.

Login credentials:

  • Username: azureuser
  • Password: LA!2019!Lab1

In the DFW VM, open Remote Desktop Connection and attempt to connect to 10.1.0.4. This is the IP address of the virtual machine in NYC. Verify that we are unable to connect.

(Optional) We can test connectivity from the NYC virtual network by performing the previous steps using the VM in NYC. Log in to the VM in NYC and try to connect to the VM in DFW.

IP of the DFW VM: 10.0.0.4

OPTIONAL: Simulate Virtual Network Gateway Creation

The lab environment already contains two pre-deployed virtual network gateways. This was done for student convenience, as these resources historically take 30–45 minutes to deploy. However, it is important to know how to deploy a virtual network gateway in Azure. This optional task takes you through the process, but make sure you DO NOT create the virtual network gateway.

Create Test Virtual Network

  1. In the Azure Portal, click All resources, then click + Add.
  2. Search the Azure Marketplace for "Virtual Network".
  3. Click Create and enter the following information:
    • Name: VNetTest
    • Address space: 10.3.0.0/16
    • Subscription: Leave as default
    • Resource group: Select lab resource group
    • Location: (US) South Central US
    • Subnet:
      • Name: GatewaySubnet
      • Address range: 10.3.0.0/24
    • DDoS protection: Basic
    • Service endpoints: Disabled
    • Firewall: Disabled
  4. Click Create.

Simulate Creating a Virtual Network Gateway

  1. Click All resources, then click + Add.
  2. Search the Azure Marketplace for "Virtual Network Gateway".
  3. Click Create and enter the following information:
    • Project details:
      • Subscription: Leave as default
      • Resource group: Will be populated when the Virtual network is configured
    • Instance details:
      • Name: VNGTest
      • Region: (US) South Central US
      • Gateway type: VPN
      • VPN type: Route-based
      • SKU: Basic
    • Virtual Network: VNetTest
    • Public IP address: Create New
      • Public IP address name: PIPTest1

NOTE: Do not create the virtual network gateway. It is not necessary, as these have been pre-configured.

Create VPN Connections

  1. In the Azure Portal, click All resources, then click VNG-DFW.
  2. Once in the blade for the gateway, click Connections.
  3. Click + Add. Use the following settings, leaving all other settings at their default values:
    • Name: DFW-NYC
    • Second virtual network gateway: VNG-NYC
    • Shared key (PSK): abc123
  4. Click OK to create the connection.
  5. Click All resources, then click VNG-NYC.
  6. Once in the blade for the gateway, click Connections.
  7. Click + Add. Use the following settings, leaving all other settings at their default values:
    • Name: NYC-DFW
    • Second virtual network gateway: VNG-DFW
    • Shared key (PSK): abc123
    • IKE Protocol: IKEv2
  8. Click OK to create the connection.
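
The two connections from the steps above, scripted with the Azure CLI, as an added example that is not part of the original lab. It substitutes a randomly generated 64-character key for the lab's abc123 and assumes RG holds the lab resource group name; the helper function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the lab. Assumptions: RG is a placeholder for the
# lab resource group; gateway and connection names come from the steps above.
RG="${RG:-<lab-resource-group>}"

# 32 bytes from the kernel CSPRNG, hex-encoded: a 64-character key.
gen_psk() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Accept a key only if it is 32 or more letters and digits.
psk_ok() {
  case "$1" in
    *[!A-Za-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 32 ]
}

# Dry run by default: print the command. RUN_AZ=1 executes it instead.
run() {
  if [ "${RUN_AZ:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Create both directions with one key; a mismatch leaves the tunnel down.
create_pair() {
  psk_ok "$1" || { echo "PSK rejected: need 32+ alphanumeric characters" >&2; return 1; }
  run az network vpn-connection create -g "$RG" -n DFW-NYC \
    --vnet-gateway1 VNG-DFW --vnet-gateway2 VNG-NYC --shared-key "$1"
  run az network vpn-connection create -g "$RG" -n NYC-DFW \
    --vnet-gateway1 VNG-NYC --vnet-gateway2 VNG-DFW --shared-key "$1"
}

# Query the state the portal shows; repeat until it reads Connected.
status() {
  run az network vpn-connection show -g "$RG" -n "$1" \
    --query connectionStatus -o tsv
}

main() {
  create_pair "$(gen_psk)" && status DFW-NYC && status NYC-DFW
}
main
```

Run as-is, the script only prints the commands; set RUN_AZ=1 in a logged-in Azure CLI session to execute them.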

Wait for Connections to Become Connected

Once the connections are created, the status for each connection initializes to Unknown. They will both change to Updating, then Connecting, and finally Connected. Once both connections are Connected, proceed to the next task.

Tip: Switch back and forth between Connections and another topic (such as Configuration) to properly refresh the connection status. Simply hitting "Refresh" doesn’t seem to actually do anything.

Verify Connectivity Between Virtual Machines

In the DFW VM, open Remote Desktop Connection again and attempt to connect to 10.1.0.4. Verify that we are now able to connect.

Optional: In the NYC VM, open Remote Desktop Connection again and attempt to connect to 10.0.0.4. Verify that we are now able to connect.

Additional Resources

RDP Access to Virtual Machines

We will be using RDP to access our Windows virtual machines in this lab. For macOS and Linux workstations, you may need to download an RDP application in order to connect to these virtual machines.
