If we need to set up a connection between two independent networks (not between VLANs), we have to use a virtual private network (VPN) connection. In Azure, we use VNets to create private networks. If we need to communicate between two VNets, we have to use one of the following methods:
• VNet-to-VNet Connection – The communication happens between two VPN gateways. This is easy to set up compared to the site-to-site VPN method.
• Site-to-Site VPN – This is similar to creating a VPN connection to an on-premises network. It also uses a VPN gateway, but it gives more control over the local network gateway.
• VNet Peering – This method doesn't use VPN gateways; it routes the traffic via the Microsoft backend infrastructure. More information about VNet peering is available at https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
In this demo, I am going to demonstrate how to create a VNet-to-VNet connection. These types of connections can be established between:
• Virtual Networks in the same region
• Virtual Networks in different regions
• Virtual Networks in different subscriptions
In this demo, I am going to create a VNet-to-VNet VPN connection between two virtual networks in two different regions.
According to the above diagram, the EUSVnet1 virtual network will run in the East US Azure region and the UKSVnet1 virtual network will run in the UK South Azure region. Let's see how we can establish a VPN gateway connection between these two networks. Before we start, please make sure you have the following in place:
• Valid Azure Subscription – You can also use a free Azure subscription for testing purposes. https://azure.microsoft.com/en-gb/free/
• Azure PowerShell Module – In this demo I am going to use PowerShell. Please make sure you have the Azure PowerShell module installed. More information is available at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-2.6.0
Create Resource Groups
The first step of the configuration is to create new resource groups in different regions.
To do that:
1. Launch the PowerShell console and connect to Azure using Connect-AzAccount
2. Then create EUSRG1 in the East US Azure region by using:
New-AzResourceGroup -Name EUSRG1 -Location "East US"
In the above command, the -Name parameter specifies the resource group name and the -Location parameter specifies the Azure region.
3. The next step is to create the UKSRG1 resource group in the UK South Azure region by using:
New-AzResourceGroup -Name UKSRG1 -Location "UK South"
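The three steps above can also be run as one re-runnable script that shows which subscription the session is using and refuses to continue if a resource group of the same name already exists in a different region. This is an added example, not part of the original walkthrough; Initialize-DemoResourceGroup is a hypothetical helper name, and the script assumes Connect-AzAccount has already been run.

```powershell
# Added example: re-runnable version of steps 1-3.
# Initialize-DemoResourceGroup is a hypothetical helper, not an Az cmdlet.
function Initialize-DemoResourceGroup {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Location
    )

    # Azure reports locations in normalized form ("eastus"), so compare
    # with whitespace removed and in lower case.
    $wanted = ($Location -replace '\s', '').ToLowerInvariant()

    $rg = Get-AzResourceGroup -Name $Name -ErrorAction SilentlyContinue
    if ($rg) {
        $actual = ($rg.Location -replace '\s', '').ToLowerInvariant()
        if ($actual -ne $wanted) {
            # A resource group's location cannot be changed after creation,
            # so stop instead of building on the wrong region.
            throw "Resource group $Name already exists in '$($rg.Location)', expected '$Location'."
        }
        return $rg
    }

    New-AzResourceGroup -Name $Name -Location $Location
}

# Confirm the session is signed in and show the subscription that will
# receive the new resource groups.
$ctx = Get-AzContext
if (-not $ctx) { throw 'Not signed in. Run Connect-AzAccount first.' }
Write-Host "Subscription: $($ctx.Subscription.Name) ($($ctx.Subscription.Id))"

Initialize-DemoResourceGroup -Name EUSRG1 -Location 'East US'
Initialize-DemoResourceGroup -Name UKSRG1 -Location 'UK South'
```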