Reviewing Azure VPN Gateways
Azure VPN Gateways are a type of Azure Virtual network Gateway which allows you to create secure connections between your on-premises network and an Azure Virtual Network (VNet). Azure uses leading security practices to protect data traveling between your on-premises network and your Azure network as if it were a single virtual private network (VPN). Among the benefits of this is the ability to use a hybrid infrastructure consisting of cloud and on-premises resources, with more security than you would get by simply handling your traffic over the public internet. In this Lab Step, you will navigate to an existing VPN gateway and learn about its fundamentals.
1. On the dashboard of the Azure Portal, click the portal menu > All resources:
2. On the All resources blade, click caLabsGateway:
3. Notice a few things on the resulting Overview blade:
- The gateway has a Gateway type of VPN. While the scope of this Lab Step will only cover specifically VPN gateways, know that virtual network gateways can have more than one type.
- The VPN gateway has been provisioned within a Virtual network, specifically the one you reviewed earlier. This means that by default, any traffic sent through the gateway will end up in this specific VNet until directed elsewhere.
- The gateway also has a Public IP address. VPN gateways need a public IP address because although they create an environment that emulates a private network between your on-premises resources and your cloud resources, the traffic still technically needs to travel over the public internet to reach your VPN gateway. Once configured, your on-premises network will know to send its traffic to this public IP address.
4. In the menu to the left, click Connections:
5. Notice there aren't currently any connections. Any connections here would mean that your gateway is currently connected to another gateway, such as the gateway of an on-premises network. At the top of the Connections blade, click Add:
6. In the Add connection blade, change the Connection type to Site-to-site (IPsec):
The connection type menu is also where you can configure Virtual Network peering and ExpressRoute connections. For site-to-site connections, notice two main data points here:
- The blade has a Virtual network gateway section set to calabsGateway, the gateway you're currently navigated to, and you can't change it. This means that you're attempting to create a connection from somewhere to your current VPN gateway.
- The blade also has a Local network gateway section, which is the section that would contain information about the local network (such as your on-premises network) that you wish to connect to your VPN gateway.
7. Click Choose a local network gateway and then Create new:
Notice three fields here:
- The IP address field would contain the public IP address of the gateway of your on-premises network. Just like your VPN Gateway needed a public IP address so that your on-premises resources know how to find it, the opposite is true. The public IP address here will tell your VPN gateway where to send traffic when transmitting data to your local network.
- The Name field is where you would place a unique label on your connection, for easy organization.
- The Address space is the range of IP addresses used in your local network. This address space must not overlap with the range used by the Azure virtual network
8. Configure a fictitious local network gateway by entering the following values before clicking OK at the bottom of the window:
- Name: Enter OfficeNetwork
- IP address: Enter 184.108.40.206 (In practice you would need to enter the actual public IP address of the gateway in your local network)
- Address space: Enter 192.168.0.0/16 (This range of addresses does not overlap with the Azure virtual network)
9. In the Add connection form, set the following values, leaving the others at their defaults, before clicking OK to create the connection and local network gateway:
- Name: Enter Office
- Shared key: Enter secret
After approximately 30 seconds a success notification appears
Configuring the on-premises gateway is outside of the scope of this lab but requires downloading a configuration file from the VPN configuration file from the Azure Portal and applying it to the on-premises gateway.
In this Lab Step, you navigated to an Azure VPN gateway, which is a kind of Virtual Network Gateway. You learned what it does, and why you might choose to use one. You also learned how a VPN gateway handles traffic to and from a separate network. Lastly, you simulated the creation of a Site-to-site connection to an artificial local network gateway.
Check if the Local Network Gateway has been created