Jump to content
  • entries
    142
  • comments
    0
  • views
    87514

AzureRm | Create Site to Site VPN


proximagr

1503 views

 Share

<h1><strong>AzureRm | Create Site to Site VPN</strong></h1>
<p>This post is part of a general idea, to create an end-to-end high available application infrastructure solution in Azure using internal load balancer with the new AzureRm commands and Azure PowerShell v.1.0 preview.</p>
<p>We will create a Gateway, request a Public IP and establish a Site to Site VPN. At the time I am writting this post there is no option to create the VPN ising the Portal, the only way is using PowerShell. Also there is no option to download the configuration for the local firewall/router, like the classic deployment.</p>
<p>The AzureRm commands are installed directly from the PowerShell using the Install-Module AzureRM & Install-AzureRM commands.</p>
<p>So lets start:</p><pre class="crayon-plain-tag">#Login
Login-AzureRmAccount

 

#Create Gateway for VPN

 

# add the local (office) public ip and local networks
$resourcegroupName ="RMDemoRG"
$locationName ="West Europe"
$vnetName = "NRPVnet"
New-AzureRmLocalNetworkGateway -Name localsite -ResourceGroupName $resourcegroupName -Location $locationName -GatewayIpAddress "XXX.XXX.XXX.XXX" -AddressPrefix @('10.0.0.0/24','192.168.0.0/24')

 

# Create the Gateway Subnet
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourcegroupName -Name $vnetName
Add-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 172.16.0.0/16 -VirtualNetwork $vnet
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

 

# create gateway and request azure public ip
$gwpip= New-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName -Location $locationName -AllocationMethod Dynamic
$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $resourcegroupName
$GWsubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $GWsubnet.Id -PublicIpAddressId $gwpip.Id
New-AzureRmVirtualNetworkGateway `
-Name RMDemoGW `
-ResourceGroupName $resourcegroupName `
-Location $locationName `
-IpConfigurations $gwipconfig `
-GatewayType Vpn `
-VpnType PolicyBased #PolicyBased For Static & RouteBased for Dynamic VPN

 

# Get the Public IP
Get-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName

 

# Establish the VPN connection
$gateway1 = Get-AzureRmVirtualNetworkGateway -Name RMDemoGW -ResourceGroupName $resourcegroupName
$local = Get-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName $resourcegroupName
New-AzureRmVirtualNetworkGatewayConnection `
-Name localtovpn `
-ResourceGroupName $resourcegroupName `
-Location $locationName `
-VirtualNetworkGateway1 $gateway1 `
-LocalNetworkGateway2 $local `
-ConnectionType IPsec `
-RoutingWeight 10 `
-SharedKey 'ABCDEFG1234567890'

 

#check the VPN status
Get-AzureRMVirtualNetworkGatewayConnection -Name localtovpn -ResourceGroupName $resourcegroupName -Debug</pre><p>Finally, since there is no way to download the configuration script at this time, the sample configurations can be found here: <a href="https://github.com/Azure/Azure-vpn-config-samples"target="_blank">https://github.com/Azure/Azure-vpn-config-samples</a></p>
<p>After the creation of the VPN, that can be done only using PowerShell, we can use the portal to view the status and the settings</p>
<p><a class="a2a_button_email" href="http://www.addtoany.com/add_to/email?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazurerm-create-site-to-site-vpn%2F&linkname=AzureRm%20%7C%20Create%20Site%20to%20Site%20VPN"title="Email" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/email.png" width="16" height="16" alt="Email"/></a><a class="a2a_button_print" href="http://www.addtoany.com/add_to/print?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazurerm-create-site-to-site-vpn%2F&linkname=AzureRm%20%7C%20Create%20Site%20to%20Site%20VPN" title="Print" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/print.png" width="16" height="16" alt="Print"/></a><a class="a2a_dd a2a_target addtoany_share_save" href="https://www.addtoany.com/share#url=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazurerm-create-site-to-site-vpn%2F&title=AzureRm%20%7C%20Create%20Site%20to%20Site%20VPN" id="wpa2a_2"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></p><p>The post <a rel="nofollow" href="http://www.e-apostolidis.gr/microsoft/azurerm-create-site-to-site-vpn/">AzureRm | Create Site to Site VPN</a> appeared first on <a rel="nofollow" href="http://www.e-apostolidis.gr">Proxima's IT Corner</a>.</p>



<a href="http://www.e-apostolidis.gr/microsoft/azurerm-create-site-to-site-vpn/"class='bbc_url' rel='nofollow external'>Source</a>

 Share

0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...