How To Set Up VPN Connection Between Azure and On-Premises Network

This article will guide you through the steps to establish site-to-site vpn gateway between azure cloud and on-premises network.


  • VPN device – You need to have VPN device in on-premises to create the VPN connection with azure. the supported list of devices can found on here.
  • Static Public IP address – Your VPN device should have external public IP address and it shouldn’t be NAT. 
  • Valid Azure Subscription – You need active Azure subscription. It can be either paid or free trial. 

Creating Virtual Network 
If you have already performed virtual network setup in your azure subscription, you will not need to perform it again but make sure the settings are configured correctly. 

1. Log in to the azure portal.
2. Navigate to New > Networking > Virtual Network 

3. Click on create 

4. Provide the information according to your configuration.

Name – Name for the VNet
Address Space – IP range for the VNet. If you have multiple Address ranges, it can add later.
Subnet name – Name for the subnet you like to add
Subnet Address range – Subnet IP range (it must be within the Address Space listed before)
Resource Group – Can create new group or select existing group
Location – location of the VNet

Once done, click on create to continue.

5. Once VNet created, then you can modify the address ranges and subnets.

Creating Gateway Subnet 
It is recommended practice to use /28 or /27 for gateway subnet. This need to be done before connecting VNet to the gateway. 
1. Log in to the Azure Portal
2. Navigate to More Services > Virtual Networks 

3. Now click on the VNet, created on previous step and click on subnets. Then click on gateway subnet

4. Provide the subnet for the gateway and click OK

Creating Virtual Network Gateway

1. Log in to azure portal

2. Navigate to New > Networking > Virtual Network Gateway 

3. Provide the relevant information and click on Create

Name – Name for the virtual network gateway
Gateway Type – For our VPN it will be VPN 
VPN Type – Type of the VPN and regular VPN will be route-based
SKU – SKU for the VPN type
Virtual Network – in here select the VNet you have created following previous step
Public IP Address – VPN need to have public IP address. Select public IP from here or if you don’t have, once you click on the option it will allow you to add new one. 
Location – make sure you select the correct region to match with VNet region. 

4. It will take several minutes to complete the task. Once it’s done, you can see the public IP address details. You need this to configure the VPN device in on premises device.

Creating Local Network Gateway

1. Log in to azure portal

2. Navigate to New > Networking > Local network gateway

Name – Name for the local gateway
IP Address – Public IP address to represent your VPN device. It should not behind NAT.
Address Space – This is yours on premises address ranges. You can add multiple ranges.
Resource Group – you can create new resource group or use the same one you were using.

3. Provide the relevant information. Once done, click on create to proceed

Creating Site-to-Site VPN

1. Log in to azure portal

2. Navigate to More Services > Virtual network gateways 

3. Click on the virtual network gateway you created, under the Settings tab, click on Connection

4. Click on add

5. Provide the relevant information and click OK.

Name – Name of the connection
Connection Type – Type of the VPN. Most of the time its site-to-site
Virtual Network Gateway – you need to select the relevant virtual network gateway
Local Network Gateway – in here need to select the relevant local network gateway for your connection
Shared Key – This is the pre-shared key you going to use for the VPN configuration

6. Once done, click OK

7. Once connected you can see the status in same page by clicking on connection. 

That's all for now.

No comments:

Powered by Blogger.