Configure A IPsec Tunnel VNet-To-VNet VPN Gateway Connection In Azure Portal

Introduction

This article helps out you to connect two virtual networks (VNets) by using VNet to VNet connection type, through Virtual Network Gateway in your Azure environment. And you can create virtual networks in two different regions and also different subscriptions as well.

Prerequisites

• Two Resouce Group (RG)
• Two Virtual Networks (VNet)
• GatewaySubnet
• Two Virtual Network Gateway (VPNGw)

This is my Demo LAB setup, and I have done the clear steps of the configuration.

Step 1

Sign into your azure portal.

Step 2

You must make sure your RG and VNet are created or not. In my case, I have created already Shanuka-RG>Shanuka-VNet.

Step 3

Before going to create Virtual Gateway need to make sure GatewaySubnet Navigate to Shanuka-VNet> Select Subnet> GatewaySubnet> once you click GatewaySubnet it will automatically pick the IP address and Subnet name.

Step 4

Successfully created subnet gateway

Configure a Virtual Network Gateway

• Resource Group: Shanuka-RG
• Name: Shanuka-VPNGw
• Region: East US
• SKU: VpnGw1
• Generation: Generation1
• Virtual Network: Shanuka-VNet
• Subnet: GatewaySubnet (10.190.1.0/24)
• Gateway type: VPN
• VPN type: RouteBased
• Enable active-active mode: Disabled
• Configure BGP: Disabled
• Public IP address: Shanuka-Pub-IP

Step 5

Navigate to your Shanuka-RG> and search Virtual Network Gateway and create it

Step 6

Please follow the appropriate steps

Step 7

Here have the option to choose SKU In my case, I have chosen VpnGw1 as per your requirement you can choose. You can check the SKU throughput by using the below link.

About Azure VPN Gateway | Microsoft Docs

Step 8

Set your Public IP name and Review and Create

Note: It will take an estimated time of 45 minutes to create a VPN Gateway

Step 9

Virtual Network Gateway is successfully created.

Create a Local Network Gateway configuration step by step

Prerequisites

• Two VNets
• Two Virtual Network Gateway

In my case, I have created according to my above scenario

Configure a Local Network Gateway

• Resource Group: Shanuka-RG
• Name: Shanuka-LNG
• Region: East US
• Endpoint: IP address
• IP address: 20.254.151.198 (Use your remote site public ip)
• Address Space: 172.16.0.0/16

Step 1

Select your specified resource group (RG) and Go to Marketplace>Type Local Network Gateway> Create it.

Step 2

Following the appropriate steps and review and create

Important: Make sure your Endpoint details are corrected

• Endpoint IP Address is your opponent's Public Address (Public-IP)
• Address Space is (VNet-IP)

In my case, I have added my Test-RG VPN Gateway details here

Step 3

Successfully created my Local Network Gateway (LNG)

Add Connection configuration Steps

Step 1

Navigate to your Virtual Network Gateway Shanuka-VPNgw>Connection>Add Connection

• Name: Shanuka-Test
• Connection type: VNet-to-VNet
• The “First Virtual Network Gateway” (Shanuka-VPNGw)automatically picks up
• You have select only “Second Virtual Network Gateway” (Test-VPNGw)
• Shared Key (PSK): For Example “123@Abc” you can put any keys here. In my case, I have done with the 123@Abc

Step 2

Successfully connected my VNet-to-VNet Tunnel VPN.

Conclusion 

This article taught us how to Implement IPsec for VNet-to-VNet using by VPN gateway. And if you have any questions please contact me.

Thanks.