Configuring a VNet-to-VNet VPN Gateway Connection Using the Azure Portal
In the previous article, you configured Azure VNet peering, which connects Azure virtual networks within the same Azure region through the Azure backbone network. This time, you can use a VNet-to-VNet connection to connect Azure virtual networks in two different Azure regions. VNet-to-VNet is similar to a site-to-site VPN. In a site-to-site VPN, traffic traverses the internet, but in VNet-to-VNet it is routed over the Microsoft Azure backbone network. Configuring a VNet-to-VNet VPN connection is similar to configuring a site-to-site VPN connection, with one difference: the other side of the connection is not an on-premises network but another Azure virtual network. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE. VNet-to-VNet communication can be combined with multi-site configurations.

The following procedure outlines the steps to use the Azure portal to create a VNet-to-VNet VPN connection:
1. Create an Azure Resource Group.
2. Create a Virtual Network and Add a Gateway Subnet.
3. Create a Virtual Network Gateway and Add a Public IP address for Azure VPN Gateway.
4. Repeat steps 1-3 to create a second Virtual Network (VNet).
5. Create a Connection object that connects the two virtual network gateways.
- Resource group name: MSSERVERPRO-ASA-RG01
- Subscription: Use the default subscription
- Resource group location: Select your preferred location (here, I select Southeast Asia)
- Name: MSP-ASA-VN01
- Address space: 10.5.0.0/16
- Subscription: select the Azure subscription in which you want to create a virtual network
- Resource group:
- Use existing resource group: MSSERVERPRO-ASA-RG01
- Location: Southeast Asia (The Azure region that is closest to the location and that is available in your subscription)
- Subnet name: BackEnd
- Subnet address range: 10.5.10.0/24
9. The Second virtual network gateway field is the virtual network gateway of the VNet that you want to create a connection to. Click Choose another virtual network gateway to open the Choose virtual network gateway blade, then select the virtual network gateway that is listed.
10. Create a Shared key (PSK) secret for both gateways to share. Click OK at the bottom of the blade to save your changes.
11. Verify the connections. For each virtual network gateway, do the following: in All resources, locate the blade for the virtual network gateway, for example, MSP-AEA-GW01.
12. On the virtual network gateway blade, click Connections to view the connections blade for the virtual network gateway. View the connections and verify that the status is Updating.
13. After a few minutes, you will see Succeeded and Connected as the Status values. In Notifications, the Create connection box shows Successfully created connection.

As displayed above, the connection is established. The status of the connection between the two virtual network gateways, MSP-ASA-VN01toMSP-AEA-VN01, is Connected. You can double-click each connection separately to observe that some amount of data was transferred between the two virtual networks. The same can be seen on the other virtual network gateway, in MSP-AEA-VN01toMSP-ASA-VN01: the connection is established and data has been transferred between the virtual networks.

Summary: This article shows how to configure a VPN to VPN connection between two virtual networks located in two different Azure regions (Southeast Asia and East Asia). I hope this helps.
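The verification in steps 11 to 13, as an added example that is not part of the original article: it checks that a connection record exists in each direction between the two gateways and that each one is Succeeded, Connected and has moved data. The records are constructed and assumed to be shaped like `az network vpn-connection show -o json` output; the gateway name MSP-ASA-GW01 and the resource IDs are placeholders that do not come from the article.

```python
import json

# Constructed sample, one record per connection, trimmed to the fields used and
# shaped like `az network vpn-connection show -o json` output (assumption).
# MSP-ASA-GW01 and the <placeholders> in the resource IDs are not from the article.
GW = "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworkGateways/"
SAMPLE = json.dumps([
    {"name": "MSP-ASA-VN01toMSP-AEA-VN01", "connectionType": "Vnet2Vnet",
     "provisioningState": "Succeeded", "connectionStatus": "Connected",
     "ingressBytesTransferred": 1824, "egressBytesTransferred": 2096,
     "virtualNetworkGateway1": {"id": GW + "MSP-ASA-GW01"},
     "virtualNetworkGateway2": {"id": GW + "MSP-AEA-GW01"}},
    {"name": "MSP-AEA-VN01toMSP-ASA-VN01", "connectionType": "Vnet2Vnet",
     "provisioningState": "Succeeded", "connectionStatus": "Connected",
     "ingressBytesTransferred": 2096, "egressBytesTransferred": 1824,
     "virtualNetworkGateway1": {"id": GW + "MSP-AEA-GW01"},
     "virtualNetworkGateway2": {"id": GW + "MSP-ASA-GW01"}},
])


def gw_name(ref):
    """Gateway name from a resource ID, lower-cased (Azure IDs are case-insensitive)."""
    return ref["id"].rstrip("/").rsplit("/", 1)[-1].lower()


def check_pair(connections, gw_a, gw_b):
    """Return the problems found for the gw_a <-> gw_b tunnel; an empty list means healthy."""
    problems = []
    for src, dst in ((gw_a, gw_b), (gw_b, gw_a)):
        found = [c for c in connections
                 if c.get("connectionType") == "Vnet2Vnet"
                 and gw_name(c["virtualNetworkGateway1"]) == src.lower()
                 and gw_name(c["virtualNetworkGateway2"]) == dst.lower()]
        if not found:
            problems.append(f"no Vnet2Vnet connection from {src} to {dst}")
        for c in found:
            if c.get("provisioningState") != "Succeeded":
                problems.append(f"{c['name']}: provisioning {c.get('provisioningState')}")
            elif c.get("connectionStatus") != "Connected":
                problems.append(f"{c['name']}: status {c.get('connectionStatus')}")
            elif not (c.get("ingressBytesTransferred") or c.get("egressBytesTransferred")):
                problems.append(f"{c['name']}: Connected but no data transferred yet")
    return problems


if __name__ == "__main__":
    print(check_pair(json.loads(SAMPLE), "MSP-ASA-GW01", "MSP-AEA-GW01") or "both directions healthy")
```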