A site-to-site VPN is a VPN connection created between two separate network locations. It connects geographically separate locations or networks, usually over the public internet or a WAN link.
Step 1 – Verify your Virtual Networks
In the Azure Portal, click the “Virtual Networks” and create
Step 2 – Creating a Gateway Subnet
Now, we have to create a Gateway subnet. So, select “Subnets” and then click “+ Gateway Subnet”.
Now, we need to enter the address range (CIDR block) and click “Ok”. The Gateway Subnet is an internal gateway in this network that Azure can use to route traffic back to your on-premises environment.
Step 3 – Creating Virtual Network Gateway
We need to create a Virtual Network Gateway that will become the endpoint to your connections.
Go to “+ Create a resource”, start typing “Virtual network gateway”, and select it to begin configuring.
Now, we need to fill in the instance information.
Name: S2SVNGW
Gateway Type: VPN
VPN Type: Route-based
SKU: VpnGw1
Virtual Network: (Our Azure Local Virtual Network)
Public IP Address: Create New
Public IP Address Name: S2SVPNGWIP (In the demo, we can use this name as our Public IP)
Enable Active-Active mode: Disable
Configure BGP ASN: Disable
Click the “Create + Review” button to start the process. It will take several minutes to finish.
Step 4 – Creating Local Network Gateway
In this step, we need to create a “Local Network Gateway”, which represents our on-premises network. It holds the on-premises details so that Azure knows where the on-premises side is located.
Now, we need to fill in the correct information.
Name: S2SLNGW
IP Address: 22.214.171.124 – Azure IP Address [In a real situation you have to specify the static IP address of the on-premises server or the Fully Qualified Domain Name]
Address Space: 192.168.1.0/24 – LAN IP Address Range
Enter the other necessary information and click “Create”.
Step 5 – Creating a Connection
The connection links the Virtual Network Gateway to the Local Network Gateway.
Connection Type: Site-to-Site (IPsec)
Click the “OK” button to finish the basic information.
In the Virtual Network Gateway, choose the Gateway that we have already created.
In the Local Network Gateway, choose the Gateway that we have already created.
The Connection Name is filled in automatically; we can change it if needed. Now, we need to assign the Shared Key (PSK) that secures the VPN connection. The same key has to be configured on the on-premises VPN device.
After successfully completing the steps, you will find a configuration file. Download it and send the text file to the network engineers on the other side.
After that, we can verify our VPN status in the Connection settings.
It will show the VPN status as “Connected”, and we can verify Peer 1 and Peer 2.
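The values entered in Steps 2, 4 and 5 can be checked before they go into the portal. The following is an added example, not part of the original walkthrough: it verifies that the GatewaySubnet sits inside the VNet, that the on-premises range does not overlap the VNet, that the peer address is not a private one, and it generates a random PSK. The VNet range 10.1.0.0/16, the GatewaySubnet 10.1.255.0/27 and the peer address 203.0.113.10 are assumed placeholders, and the /27 threshold follows Microsoft's sizing recommendation for gateway subnets.

```python
import ipaddress
import secrets
import string

# Constructed sample plan. Only 192.168.1.0/24 comes from the walkthrough;
# the VNet range, GatewaySubnet and peer IP are assumed placeholders.
PLAN = {
    "vnet_space": ["10.1.0.0/16"],        # assumed Azure VNet address space
    "gateway_subnet": "10.1.255.0/27",    # assumed CIDR for Step 2
    "onprem_space": ["192.168.1.0/24"],   # Local Network Gateway address space
    "onprem_gateway_ip": "203.0.113.10",  # documentation-range placeholder
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    vnet = [ipaddress.ip_network(c) for c in plan["vnet_space"]]
    onprem = [ipaddress.ip_network(c) for c in plan["onprem_space"]]
    gw_subnet = ipaddress.ip_network(plan["gateway_subnet"])
    peer = ipaddress.ip_address(plan["onprem_gateway_ip"])
    problems = []
    if not any(gw_subnet.subnet_of(v) for v in vnet):
        problems.append("GatewaySubnet is outside the VNet address space")
    if gw_subnet.prefixlen > 27:
        problems.append("GatewaySubnet is smaller than the /27 Microsoft recommends")
    for o in onprem:
        # Overlapping ranges cannot be routed across the tunnel.
        problems += [f"{o} overlaps VNet range {v}" for v in vnet if o.overlaps(v)]
    if any(peer in n for n in RFC1918):
        problems.append("on-premises gateway IP is a private (RFC 1918) address")
    return problems


def new_psk(length=48):
    """Random alphanumeric pre-shared key drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
    # Only the length is printed so the key does not land in terminal history.
    print("generated PSK length:", len(new_psk()))
```

The key is limited to letters and digits so that it can be pasted into the on-premises device configuration without quoting problems.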