Azure Site-to-Site VPN Configuration
We will create a Site-to-Site VPN connection between two VNets. In this way we simulate a cloud site and an on-premises site, as shown in the following diagram (both "sites" live in the same resource group; the on-premises side is just a second VNet with its own VPN gateway).
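# Resource group that holds every resource in this walkthrough.
# Override by exporting RG before running.
RG="${RG:-learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17}"

# "Cloud" side: a VNet with one workload subnet.
az network vnet create \
  --resource-group "$RG" \
  --name Azure-VNet-1 \
  --address-prefix 10.0.0.0/16 \
  --subnet-name Services \
  --subnet-prefix 10.0.0.0/24

# Subnet for the VPN gateway (Azure requires the name GatewaySubnet).
az network vnet subnet create \
  --resource-group "$RG" \
  --vnet-name Azure-VNet-1 \
  --address-prefix 10.0.255.0/27 \
  --name GatewaySubnet

# Local network gateway describing the "on-prem" HQ site as seen from here.
# --gateway-ip-address is only a placeholder: the HQ VPN gateway's public IP
# is not known yet and is patched in later, once that gateway is provisioned
# (see the local-gateway update steps after the provisioning check).
az network local-gateway create \
  --resource-group "$RG" \
  --gateway-ip-address 94.0.252.160 \
  --name LNG-HQ-Network \
  --local-address-prefixes 172.16.0.0/16

# Dynamic public IP: it carries no address until the gateway that uses it
# has finished provisioning.
az network public-ip create \
  --resource-group "$RG" \
  --name PIP-VNG-Azure-VNet-1 \
  --allocation-method Dynamic

# Route-based VPN gateway, created asynchronously (--no-wait) so the on-prem
# side can be built while this one provisions.
# NOTE: do not look up PIP-VNG-Azure-VNet-1 or update LNG-Azure-VNet-1 here.
# At this point the gateway is still provisioning (so the IP is empty) and
# LNG-Azure-VNet-1 has not been created yet (it is created with the on-prem
# site). Both steps are done after both gateways report Succeeded.
az network vnet-gateway create \
  --resource-group "$RG" \
  --name VNG-Azure-VNet-1 \
  --public-ip-address PIP-VNG-Azure-VNet-1 \
  --vnet Azure-VNet-1 \
  --gateway-type Vpn \
  --vpn-type RouteBased \
  --sku VpnGw1 \
  --no-wait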
========================
On-premises site (simulated here by a second VNet, HQ-Network, with its own VPN gateway)
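# Resource group that holds every resource in this walkthrough.
# Override by exporting RG before running.
RG="${RG:-learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17}"

# Simulated on-premises site: a second VNet with one workload subnet.
az network vnet create \
  --resource-group "$RG" \
  --name HQ-Network \
  --address-prefix 172.16.0.0/16 \
  --subnet-name Applications \
  --subnet-prefix 172.16.0.0/24

# Subnet for the on-prem VPN gateway (Azure requires the name GatewaySubnet).
az network vnet subnet create \
  --resource-group "$RG" \
  --address-prefix 172.16.255.0/27 \
  --name GatewaySubnet \
  --vnet-name HQ-Network

# Local network gateway describing the cloud VNet as seen from HQ.
# --gateway-ip-address is only a placeholder: it is replaced with the cloud
# VPN gateway's public IP once that gateway has finished provisioning.
az network local-gateway create \
  --resource-group "$RG" \
  --gateway-ip-address 94.0.252.160 \
  --name LNG-Azure-VNet-1 \
  --local-address-prefixes 10.0.0.0/16

# Dynamic public IP: it carries no address until the gateway that uses it
# has finished provisioning.
az network public-ip create \
  --resource-group "$RG" \
  --name PIP-VNG-HQ-Network \
  --allocation-method Dynamic

# Route-based VPN gateway for the on-prem side, created asynchronously.
az network vnet-gateway create \
  --resource-group "$RG" \
  --name VNG-HQ-Network \
  --public-ip-address PIP-VNG-HQ-Network \
  --vnet HQ-Network \
  --gateway-type Vpn \
  --vpn-type RouteBased \
  --sku VpnGw1 \
  --no-wait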
===========================
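# Resource group that holds every resource in this walkthrough.
# Override by exporting RG before running.
RG="${RG:-learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17}"

# Sanity check: both VNets and both local network gateways should be listed.
az network vnet list --output table

az network local-gateway list \
  --resource-group "$RG" \
  --output table

# Interactive monitoring (refreshes every 5 s, Ctrl-C to stop):
#   watch -d -n 5 az network vnet-gateway list --resource-group "$RG" --output table
# For an unattended run, block until each gateway is provisioned instead;
# everything that follows needs both gateways in state Succeeded.
az network vnet-gateway wait --created \
  --resource-group "$RG" \
  --name VNG-Azure-VNet-1
az network vnet-gateway wait --created \
  --resource-group "$RG" \
  --name VNG-HQ-Network

# Confirm: both gateways must appear here before continuing.
az network vnet-gateway list \
  --resource-group "$RG" \
  --query "[?provisioningState=='Succeeded']" \
  --output table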
=================================
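# Resource group that holds every resource in this walkthrough.
# Override by exporting RG before running.
RG="${RG:-learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17}"

# Read the public IP Azure assigned to each VPN gateway and point the
# opposite site's local network gateway at it, replacing the placeholder.
# A dynamic public IP is empty until its gateway is fully provisioned, so
# abort on an empty value rather than pushing a blank address into the LNG.

# Cloud gateway's address -> the LNG that HQ uses to reach the cloud.
PIPVNGAZUREVNET1=$(az network public-ip show \
  --resource-group "$RG" \
  --name PIP-VNG-Azure-VNet-1 \
  --query "[ipAddress]" \
  --output tsv)
: "${PIPVNGAZUREVNET1:?PIP-VNG-Azure-VNet-1 has no address yet - wait for VNG-Azure-VNet-1 to reach Succeeded}"

az network local-gateway update \
  --resource-group "$RG" \
  --name LNG-Azure-VNet-1 \
  --gateway-ip-address "$PIPVNGAZUREVNET1"

# HQ gateway's address -> the LNG that the cloud uses to reach HQ.
PIPVNGHQNETWORK=$(az network public-ip show \
  --resource-group "$RG" \
  --name PIP-VNG-HQ-Network \
  --query "[ipAddress]" \
  --output tsv)
: "${PIPVNGHQNETWORK:?PIP-VNG-HQ-Network has no address yet - wait for VNG-HQ-Network to reach Succeeded}"

az network local-gateway update \
  --resource-group "$RG" \
  --name LNG-HQ-Network \
  --gateway-ip-address "$PIPVNGHQNETWORK"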
=========================
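# Resource group that holds every resource in this walkthrough.
# Override by exporting RG before running.
RG="${RG:-learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17}"

# IKE pre-shared key for the tunnel. Both connections MUST use the same value.
# The original placeholder (SHAREDKEY=<shared key>) is a shell redirect, not a
# value, and a hand-typed key is usually weak: unless SHAREDKEY is already set
# in the environment, generate a random one (base64 output is printable ASCII).
# The CLI takes the key as a command-line argument, so it will show up in shell
# history, `set -x` traces and process listings on this machine - treat the
# session accordingly and clear the variable once both ends are configured.
if [[ -z "${SHAREDKEY:-}" ]]; then
  SHAREDKEY=$(openssl rand -base64 32)
fi

# The default IKE/IPsec policy is used here; if your baseline requires specific
# algorithms/lifetimes, set them with `az network vpn-connection ipsec-policy add`.
az network vpn-connection create \
  --resource-group "$RG" \
  --name Azure-VNet-1-To-HQ-Network \
  --vnet-gateway1 VNG-Azure-VNet-1 \
  --shared-key "$SHAREDKEY" \
  --local-gateway2 LNG-HQ-Network

az network vpn-connection create \
  --resource-group "$RG" \
  --name HQ-Network-To-Azure-VNet-1 \
  --vnet-gateway1 VNG-HQ-Network \
  --shared-key "$SHAREDKEY" \
  --local-gateway2 LNG-Azure-VNet-1

# Key is stored on both connections now; do not keep it in the shell.
unset SHAREDKEY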
========================================
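# Resource group that holds every resource in this walkthrough.
# Override by exporting RG before running.
RG="${RG:-learn-ee8df1a4-1b8d-4bd1-86fc-7c05ca89bf17}"

# Check tunnel state from each end. Expect ConnectionStatus to become
# Connected on both; it may take some time after the connections are created,
# so re-run this check rather than assuming a failure immediately.
az network vpn-connection show \
  --resource-group "$RG" \
  --name Azure-VNet-1-To-HQ-Network \
  --output table \
  --query '{Name:name,ConnectionStatus:connectionStatus}'

az network vpn-connection show \
  --resource-group "$RG" \
  --name HQ-Network-To-Azure-VNet-1 \
  --output table \
  --query '{Name:name,ConnectionStatus:connectionStatus}'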