Author : MD TAREQ HASSAN | Updated : 2021/01/28
What is a site-to-site VPN connection?
- A site-to-site virtual private network (VPN) is a connection between two or more networks, such as a corporate network and a branch office network
- In the context of Azure, a site-to-site VPN connection is cross-premises connectivity between an on-premises network and an Azure virtual network
- Also known as an S2S VPN connection
- A site-to-site VPN is a permanent connection designed to function as an encrypted link between two networks
Prerequisites
- Create a virtual network
- Create a VPN gateway
- Create a local network gateway (see next section)
Creating a local network gateway
- In the context of an Azure virtual network, a local network gateway represents the VPN device (hardware or software) in the on-premises local network
- To set up a site-to-site VPN connection between an Azure virtual network and a local network, a local network gateway is required
- There is no additional charge for creating local network gateways in Microsoft Azure
The following information is needed
- Public IP address of the on-premises VPN router
- IP address space of the on-premises network (CIDR notation)
Creating a local network gateway in the Azure portal
- Go to: https://portal.azure.com/#create/Microsoft.LocalNetworkGateway-ARM
- Fill in the details
- Create
Creating the VPN connection
- Go to the resource group > select the target “VPN Gateway”
- Settings: Connections > ‘+ Add’
- Fill in the details > OK
Downloading the configuration script
- After creating the connection, we can download a configuration script for the on-premises device
- To download the configuration script, we need the following information
- Device (VPN router) vendor
- Device family
- Firmware version
Configuring the on-premises VPN device
- Site-to-site connections to an on-premises network require a VPN device
- The VPN device is basically a VPN router
- Requires
- A shared key: the same shared key that you specified when creating your site-to-site VPN connection (both ends must use the identical key)
- Public IP address of your virtual network gateway (select the VPN gateway and see its public IP address)
How to configure the on-premises VPN router?
- The configuration script might contain placeholder parameters (there might not be any if you provided the device vendor, family and firmware version while downloading the script)
- e.g. PARAMETER1
- Fill in the placeholder parameters with the actual values of the router information
- Go to the control panel of the router and use the script to configure the router
Links:
- VPN device configuration scripts for S2S VPN connections: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-download-vpndevicescript
- VPN Devices: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices
- Validated VPN Devices: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#devicetable
- Overview of 3rd party VPN device configurations: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-3rdparty-device-config-overview
- Editing samples: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#editing
- Configure IPsec/IKE policy for S2S VPN or VNet-to-VNet connections: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell
Checking the connection
- Go to the resource group > select the target “VPN Gateway”
- Settings: Connections > check the connection status
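The same steps (local network gateway, connection with the shared key, status check) scripted with the Azure CLI, as an added example that is not part of the original note. Resource group and gateway names are assumed placeholders, and the shared-key policy enforced here is a local assumption, not an Azure requirement.

```shell
#!/bin/sh
# Added example, not from the original note: scripts the portal steps with the
# Azure CLI. Names below are placeholders; the VPN gateway must already exist.
RG="${RG:-rg-s2s-demo}"          # assumed resource group
VNET_GW="${VNET_GW:-vgw-hub}"    # assumed existing VPN gateway
LNG="${LNG:-lng-branch}"         # local network gateway to create
CONN="${CONN:-s2s-branch}"       # connection to create
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the az commands instead of running them
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Reject an on-premises address space that is not a valid IPv4 CIDR
# (four octets 0-255 and a prefix length 0-32).
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  ip="${1%/*}"; prefix="${1#*/}"
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  oldifs="$IFS"; IFS=.; set -- $ip; IFS="$oldifs"
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Local policy for the shared key (an assumption here, not an Azure rule):
# at least 32 alphanumeric characters, since the PSK alone authenticates both peers.
valid_psk() {
  [ ${#1} -ge 32 ] || return 1
  case "$1" in *[!A-Za-z0-9]*) return 1 ;; esac
  return 0
}

# Create the local network gateway (router public IP + address space), then the
# connection using the same key the router will later be configured with.
create_s2s() {  # args: router_public_ip on_prem_cidr shared_key
  valid_cidr "$2" || { echo "invalid CIDR: $2" >&2; return 1; }
  valid_psk "$3" || { echo "shared key rejected by local policy" >&2; return 1; }
  run az network local-gateway create -g "$RG" -n "$LNG" \
    --gateway-ip-address "$1" --local-address-prefixes "$2"
  run az network vpn-connection create -g "$RG" -n "$CONN" \
    --vnet-gateway1 "$VNET_GW" --local-gateway2 "$LNG" --shared-key "$3"
}

# "Checking the connection" step: prints the connectionStatus property.
check_status() {
  run az network vpn-connection show -g "$RG" -n "$CONN" \
    --query connectionStatus -o tsv
}
```

In dry-run mode the printed command line contains the shared key, so treat that output like the key itself and do not paste it into tickets or logs.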