Configure the site-to-site VPN connection between two Azure virtual networks

Configure the site-to-site VPN connection between two Azure virtual networks


Hi there! In this video I will show you how to configure
site-to-site VPN connections between two Azure
virtual networks also known as v-net This video is a part of the HDInsight HBase
cluster geo-replication video series. In addition to this video, the series includes: Configure DNS servers for the v-nets, and create
geo-replicated HBase clusters At the end of the video, I’ll give you a link to the
text version of this tutorial and the other videos
in the series. To help you understand the configuration
process, let me illustrate the steps: My goal is to create two virtual networks and
connect them using VPN.
I have defined a name, location, and IP address space for each of the v-nets. The address
spaces can’t overlap each other. When I create a v-net to v-net connection, I need
to configure the v-nets to identify each other as
a local network site. Each local network has the same address
space as the corresponding v-net. The orange numbers represent the order of the
steps. Notice the VPN gateway IP addresses for the
local network configurations are missing. To get the address for the Europe v-net, I need
to bind the Europe v-net to the U.S. local
network before I can create the VPN gateway. Then I can get the VPN gateway IP address to
fill-in the field. I’ll repeat the same steps for the U.S. v-net. At the end, I will set the same shared keys for
IPsec and Internet Key Exchange for both v-
nets. Let’s create the Europe v-net To get started, I open the Azure portal. I’m going to use the Custom Create option to
create a new v-net. I specify a unique name for my Europe v-net.
This v-net resides in the North Europe region. By default, v-net uses a DNS server that is
assigned by Azure. If I need name resolution
within a v-net, I must configure my own DNS server. The second video of this series shows
you how to create a virtual machine that is
designated as DNS server within a v-net. Because the DNS server is not created yet, I will
leave the DNS Server field blank.
0:02:30.066,0:02:30.000 I will also come back to configure the Site-to-
site connectivity because I need to define the
U.S. local network before I can configure it. The next page is for configuring v-net address
spaces. The starting IP address is 10.1.0.0. The address counts are 16 and 24. Now I’ll add the Europe local network Think of local network as an alias to a v-net. Give it a name. I use LNet to represent “local
network.” I won’t know the VPN Device IP Address until I
add a VPN gateway to the Europe v-net. So I enter an arbitrary IP address. I will come
back to fix this later. The IP address space must match the Europe v-
net address space, which is 10.1.0.0. Now I need to create the U.S. v-net I specify a name for my U.S. v-net. This v-net
resides in the East U.S. region. I will come back to the site-to-site configuration. I must make sure the v-net address space
doesn’t overlap with the Europe v-net address. The starting IP address of the U.S. v-net is
10.2.0.0. The address counts are 16 and 24. Let’s add the U.S. local network I’ll use the same type of naming convention as I
used for the Europe local network, so I call it
Contoso-LNet-US. I enter an arbitrary VPN Device IP address for
now.
0:04:35.066,0:04:35.033 The local network address space must match
the U.S. v-net address space. When we look at the status column, it shows
that both v-nets are created. With two pair of v-net and local network created,
the next step is to configure the Europe site-to-
site Connectivity. I switch to the Europe v-net Configure tab. I check Connect to the local network, and specify the U.S. local network. Click Add a gateway subnet. And, I save my changes. Now let’s create the VPN gateway for the
Europe v-net I switch to the Dashboard tab.
0:05:32.066,0:05:32.000 I click Create Gateway, and I specify Dynamic Routing. Only dynamic routing is supported for this
configuration.
0:05:42.033,0:05:42.000 I may have to wait over 20 minutes for this
process to complete. After it is complete, the portal shows the IP
address for the VPN gateway of the Europe v-
net. Notice the VPN gateway diagram shows
disconnection, and the color is in blue and grey. The color will change to blue and green when
there is a connection. Make a copy of the IP address. Let’s go back and configure the VPN IP address
in the Europe local network Update the VPN Device IP Address field. Now I can follow the same steps to configure the
U.S. v-net site-to-site connectivity. I switch to the U.S. v-net network Configure tab. I check Connect to the local network, and specify the Europe local network. And let’s save the change. I want to create a VPN gateway for the U.S. v-
net I switch back to the Dashboard tab. I click Create Gateway, and select Dynamic
Routing to add a dynamic routing VPN gateway. I make sure to copy the IP address. I update the U.S. local network VPN Device IP
Address field with the VPN gateway IP address. The last step is to set the v-net VPN gateway
keys using Azure PowerShell. The keys must
match each other. If you haven’t installed Azure PowerShell, you
can use the Microsoft Web Platform Installer to
install it.
0:07:47.033,0:07:47.000 I open the Windows PowerShell ISE. I use Add-AzureAccount cmdlet to connect to
my Azure subscription. I use Select-AzureSubscription to select the
Azure subscription for this activity.
0:08:03.033,0:08:03.000 And I use the Set-AzureVNetGatewayKey
cmdlet to set the gateway key for the Europe v-
net site-to-site connectivity. Then, I run it again for the U.S. v-net. I go back to the Dashboard tab of the Europe v-
net. Notice the diagram still shows disconnection. I click Connect. Now the visual diagram shows connected with
colors in blue and green, which means that the
connection is complete. And that’s all there is for this video clip. To see other videos in this series, check out the
link. Thanks for watching.

6 Comments

  • lki34442 says:

    excellent video.. thank you

  • Saulius Sauliavicius says:

    nice job!

  • raviraj vijayan says:

    thank you easy to understand this ….

  • Ashton Schlemmer says:

    The reason why I love this VPN service “gagugo shocking plan” (Google it) is its unlimited access to applications and web pages which are not available in other sources. This particular service is great. It`s tough to find a VPN app that has unlimited access time. Netflix is accessible, this is why I advise other individuals to put it to use also.

  • Zelig Urbina says:

    I am a foreign personnel from U.S. and this VPN service “gagugo shocking plan” (Google it) has been my partner with regards to great connection to the internet. Enables me to watch shows etc. like if I am in the US. I can access almost anything on the internet through this amazing VPN. For instance, I can still access social media in school even if their Wifi disables access to it.

  • Zelig Urbina says:

    This VPN service “fetching zonet com” (Google it) will get an excellent ranking from me. I began making use of it half a year ago. I had problem loading it many times before but I managed to repair it with the aid of their online service. The activation of the software is simple and I did not have issue with connecting. I recommend the service, I love it!

Leave a Reply

Your email address will not be published. Required fields are marked *