How to setup Site to Site (S2S) VPN from local OnPrem to Azure Cloud in 10 steps

Captions
Hi, my name is Sylvain. In this video I will show you the 10 steps to connect your on-premise environment to Microsoft Azure. In this example, on the right side of the screen we see our local on-prem environment, and on the other side, on the left, we see our Microsoft Azure environment, which we're going to use as an extension of our local on-prem environment through the use of this site-to-site VPN connection that we're going to create. So without further ado, let's begin.

So the first thing we need, in step one, is to create a resource group, in which we will create a virtual network in step two. So, Azure virtual network: in my case I got a 10.0.0.0/24 address space, which is good for 256 IP addresses, and you see the small /28 subnet on the right, so this is going to be the gateway from Microsoft Azure to the on-prem environment. Then we will create a local network gateway, number three; this is going to use the local IP address that we got in the internet router on-prem. Step number four, we will create an Azure public IP address, and this IP address is going to be used by the virtual network gateway, that is step number five, and this virtual gateway is going to link with the on-prem environment through the connection, number six, so the VPN itself. So the VPN is going to be the bridge or the extension between our on-premise environment and the Azure environment.

All right, next, step seven, we will create a VM in Microsoft Azure that we're going to use later on to test our VPN connection, and step number eight, we will configure Routing and Remote Access on a Windows Server, so that could be from 2012 all the way up to 2019, for the VPN itself. Then step number nine, we will add the static route that we need to send the traffic from the on-premise network all the way up to the Microsoft Azure 10.0.0.0 address space, as you can see on the screen, and finally step number 10, we will test our VPN with an RDP connection from on-prem to our VM in Microsoft Azure. Okay, so with that we're good to go. Alright, so
let's rock. So we're going to connect to the Microsoft Azure portal and, as we've seen in the steps earlier, the first thing we need to do is to create a resource group, so we'll do that, step number one. So let's head on to the Microsoft Azure portal and go in the resource group section, and let's click on the Add button there. I'm going to put the name for my resource group, s2s-vpn in my case, for site-to-site VPN, and I put everything in the West Europe region. I click Create, takes just one second, there it is, and now I can go back to my resource group, refresh, and now there it is.

All right, so that takes us to the second step, which is the creation of the virtual network. So we go back to the portal, we go to the virtual network section, we can click on the Add button and we select the resource group we just created, in my case site-to-site VPN, and then we can put the name, site-to-site VPN virtual network. Then we click on Next, not Create; we click on Next because we want to modify some parameters. So the address space, I'm using the 10.0.0.0/24, which is good for 256 IP addresses. Then I click on Add subnet to add the default subnet, which is going to have a /26 address space, which is good for 64 IP addresses, as you see on the screen, and you click on Add, and then we can create the virtual network, which is going to be created with the default subnet that we specified. But we still have one subnet to add, which is the gateway subnet, which is going to be used to link from the Microsoft Azure network to the on-premise network. So let's head on to virtual networks. Now, after refresh, we can see it. We go inside of it, so we see the address space, the 10.0.0.0/24, and if I go into Subnets I see my default subnet with the /26, but I need to create a gateway subnet, as I'm saying. So I'm going to create a 10.0.0 /28, which is good for 16 IP addresses, which is enough, and as you can see, Microsoft is taking a few IP addresses from that range, always. Okay, so that's done. I
refresh, I see my gateway subnet with the range I specified, the address space.

All right, so that brings us to the third step now, the green icon: we're going to create the local network gateway. So for this we go back to the Azure portal, we go in the top left and we click on Create resources and we type local network gateway. You click on the link and you click on Create. You put the name, so site-to-site local network gateway or whatever name that suits you, and IP address: there you need to put the local IP address that you have in your internet router on-premise. So if you don't remember the address, that was my case, you can use whatsmyip.org and you just simply copy and paste the IP address in the IP address field. Then for the address space, then it depends. In my case I'm using two different address spaces, one class C and one class B, on-premise, so since I want that to be linked with the VPN to Microsoft Azure, then I need to put the two of them, so 192.168 and the second one 172.16.0.0/24,
so these two ranges. All right, and then you put in the right resource group, the correct region, and you click Create. So you create the local network gateway, takes just a few seconds. Okay, it's there, so we can check in the resource group site-to-site VPN, we see the green icon, which is the local network gateway, and we can close this.

So that takes us to the fourth step, which is the creation of the public IP address. This one is a quick one, really easy to do, as you'll see. So you click on Create resources on the top left and you type public IP address, click Create, and basically you only have to provide the name, site azure public IP address, select the right resource group and the location, in my case Europe West region, and you click Create. This one is really quick to do, it's already there. Again we can go in the resource group site-to-site VPN and refresh, and after a couple of refreshes we should get, there it is, the public IP address.

Okay, so that takes us to the next step, the fifth one. So this one takes longer: the virtual network gateway. Okay, so again, Create resources, virtual network gateway, click Create. So you put the name, so site-to-site VPN virtual network gateway, you select the right region, in my case again it's West Europe. So we're going to create a VPN, obviously, so it's a route-based VPN. The SKU, I'm taking the one by default, not the basic one, and virtual network, obviously you're going to take the virtual network, well, there's only one that will show up in the list, based on the subnet. If you remember, at the beginning we created a special subnet for the VPN and that's the one we are going to use. We select the IP address that we just created in the previous step, in the fourth step; that's the reason why we just created the address right before the creation of the virtual network gateway. And now, as you can see, the video has been fast-forwarded 60 times so that 30 minutes could end up being only 30 seconds, for your convenience. So it's just
about to finish in just a few seconds, and here we are, end of the creation of the virtual network gateway. Again, that's normally about 30 minutes or even more. So there it is. We can go in the resource group site-to-site VPN and we can see the virtual network gateway. If you go inside you will see the IP address that is attached to it. If you go in local network gateway you see the IP address of your internet router on-premise and, in my case, the two networks that I configured.

And that takes us to the next step, which is the connection, number six. All right, so again in the portal we go in Create resources and you type connection, click on it, click Create. Here it's straightforward: you specify the right resource group and, watch out, you need to specify site-to-site IPsec VPN, not the option by default, and location, Europe West in my case. So we specify the virtual network gateway that we just created, the local network gateway that we created before that, so site-to-site VPN connection, and now shared key. So this is important, so pay attention to this: this is the passphrase that we need on both sides, Azure and on-premise, to create the VPN. Okay, so there's also the IKEv2 protocol, which is needed, which was selected, so I'm clicking OK. So yeah, in a real production environment we would use something stronger, but for the sake of this demo I'm using this abcde12345 passphrase. Okay, so now let's have a look at the status of the connection. So it's showing up as unknown, so never mind, we'll get back to this later.

So let's move on to the next section, which is the creation of the VM that we're going to use in Microsoft Azure to test our new VPN connection. So let's go on the virtual machine section, and here I'm going to take the opportunity to mention that a few weeks ago I created another video to explain how you can create your own Hyper-V virtual machine on-premise and then upload it to Microsoft Azure so that you could convert it to an image and then create your virtual machines in Microsoft
Azure from that image, and that is basically what I'm going to do now. I'm going to select, as you can see, my own on-prem VM image to create my virtual machine that we're going to use now. So if you want to watch that video, there's a link at the top of the screen, but I'm going to put the same link at the end of the video, so stay tuned if you want to have this information to create your own VM on-premise and then upload it to Microsoft Azure. Okay, so I'm going to select two CPUs and everything is fine, so I'm going to create the VM, and to make sure you don't have to wait for the creation of the VM, as soon as I hit the Create button I'm going to stop the video. All right, so that is done. If we click refresh we see that the VM is there, so as you can see I stopped the recording while I was creating the VM.

Okay, so that concludes this step, so let's move on to step number eight, the configuration of the VPN. Okay, so let's move on to the on-premise environment. In my case I got a Windows 2019 server which I'm going to use to set up the VPN, so in that case we're using Routing and Remote Access server. So we'll do the configuration: you just right-click and you choose Configure and Enable Routing and Remote Access, you click Next, you choose Secure connection between two private networks, which is what we want to do, you take the default, yes, and DHCP, well, depending on your needs, and you click Finish. So the service is starting and we'll continue with the second phase of that configuration. All right, so you click Next, you put the name, so in my case it's site-to-site VPN to Azure, so you click Next, you choose VPN, this one is easy, you select IKEv2, if you remember when we did the configuration of the connection, and now here we need the public IP address that we had in step four. So remember, in Microsoft Azure the fourth step was the creation of a public IP address, so we need that IP address right now. If you go back to the Azure portal, in the right resource group, you will
see your IP address and you can paste it here. Okay, Next, Next. Here we need to put the address space that we have in our network in Microsoft Azure, so in my case, for my virtual network, I specified, I had 10.0.0.0, if you remember, so you put the right netmask, in my case it's 255.255.0.0, and I'm going to put a metric of 24. All right, okay, so click OK, Next, no need to put any username and password, you click on Finish, and now the interface is created. So you open the list, you right-click on Network Interfaces and now you see your site-to-site VPN connection is there. You right-click on it, because we're not done yet, you go into Properties and you go in Options. We're going to add a few redial attempts, but the most important is the Security tab, just there, and we are not going to use certificates, we're going to use the passphrase. So if you remember, I said you need to remember the passphrase; in my case it was abcde12345. So that is where you need to put your passphrase. So if we just check quickly on the Azure portal, the connection status has gone from unknown to not connected. All right, so now we're going to connect, so you right-click on the interface, VPN interface, and you select Connect. So now we're going to establish the VPN connection from on-prem to Azure. There it is, connected.

Okay, so now that that is done we can move on to the next step, which is step number nine, to add a static route to our VPN server. So in the same configuration, if you look down in IPv4, so you open that section, you see Static Routes. So we need to add the route so that the traffic from on-prem could reach the right network in Azure. So you specify the right interface, as you see, site-to-site VPN, and in my case the address space is 10.0.0.0, click OK, and we're ready to test the connection with RDP from on-prem to our VM in Azure. So what I'm going to do, I'm going to use the internal IP address I got for my VM in Microsoft Azure, which is 10.0.0.4, as you can see on the
screen, so let's click Connect. So the administrator, azure on underscore admin, which is the username I got for that VM in Azure, and there it is, as you can see we're connected through the VPN from on-prem to Azure. So as you can see, that's a nice way to have an extension of your on-prem network in Azure. So if I want to map a network drive back from Azure to on-prem, let's do that. So let's hit Map network drive and we'll put the IP address of the server on-prem, so it's 172.16.0.10, so this is the address I got on-premise, and if you remember, the address space in Azure was 10.0.0.0 and here it's 172.16. All right, so there it is, we've just mapped the network drive from the virtual machine in Microsoft Azure back to my Server 2019 server on-premise.

All right, so that is it, that concludes this demo to show you how you can easily, in 10 steps, create a site-to-site VPN connection from your on-premise environment all the way up to your virtual network in Microsoft Azure. So what we did: we created a resource group, a virtual network, then a local network gateway to represent the on-prem environment, a public IP address which we used for the virtual network gateway, then the connection to link the local network gateway and the virtual network gateway. We created a VM so that we could test the connection, we configured the VPN on our Windows server on-premise, we added the static route to correctly send the traffic from on-prem to Azure, and we did the connection with RDP. I hope that you have enjoyed that video; if so, do not hesitate to hit the like button and to subscribe. Thank you very much and bye.
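
Added example (not part of the video or its captions): a Python check of the address plan walked through above, using the VNet prefix, subnet sizes, on-prem range and static-route mask given in the captions. The subnet start addresses are assumptions, since the captions give only the subnet sizes, and the truncated 192.168 range is left out.

```python
import ipaddress

AZURE_RESERVED = 5  # Azure keeps 5 addresses in every subnet (first four + last)

def usable_hosts(prefix):
    """Return (assignable address count, first assignable address) for an Azure subnet."""
    net = ipaddress.ip_network(prefix)
    first = net.network_address + 4  # .0 to .3 of the subnet are reserved by Azure
    return net.num_addresses - AZURE_RESERVED, str(first)

def check_plan(vnet, subnets, onprem, route):
    """Return a list of findings for a site-to-site address plan."""
    vnet_net = ipaddress.ip_network(vnet)
    route_net = ipaddress.ip_network(route)
    nets = {name: ipaddress.ip_network(p) for name, p in subnets.items()}
    findings = []
    for name, net in nets.items():
        if not net.subnet_of(vnet_net):
            findings.append(f"{name} {net} is outside VNet {vnet_net}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    # Overlapping ranges on both sides of the tunnel make routing ambiguous.
    for p in onprem:
        if ipaddress.ip_network(p).overlaps(vnet_net):
            findings.append(f"on-prem {p} overlaps VNet {vnet_net}")
    # The on-prem static route should cover the VNet and nothing more.
    if not vnet_net.subnet_of(route_net):
        findings.append(f"route {route_net} does not cover VNet {vnet_net}")
    elif route_net != vnet_net:
        extra = route_net.num_addresses - vnet_net.num_addresses
        findings.append(
            f"route {route_net} sends {extra} non-VNet addresses into the tunnel")
    return findings

# Values from the captions; both subnet start addresses are assumptions.
VIDEO_PLAN = dict(
    vnet="10.0.0.0/24",
    subnets={"default": "10.0.0.0/26", "GatewaySubnet": "10.0.0.64/28"},
    onprem=["172.16.0.0/24"],
    route="10.0.0.0/255.255.0.0",  # mask entered in the on-prem wizard
)

if __name__ == "__main__":
    print(usable_hosts(VIDEO_PLAN["subnets"]["default"]))
    for finding in check_plan(**VIDEO_PLAN):
        print("finding:", finding)
```

With these values the only finding is the static route, whose 255.255.0.0 mask covers all of 10.0.0.0/16 while the VNet is 10.0.0.0/24. The first assignable address of the assumed default subnet, 10.0.0.4, matches the internal address the test VM received.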
Info
Channel: ConsulCat
Views: 15,696
Rating: 4.9753084 out of 5
Keywords: S2S, Site-to-Site, VPN, English, Sylvain Beauchemin, How-to, How to, Tutorial, Azure, Microsoft, Virtual Private Network, OnPrem, On Premise, Local site, internet, secured channel, connection, Cloud, la leche, ConsulCat, Fall back scenario, steps, explanations
Id: MorG47BTttU
Length: 22min 49sec (1369 seconds)
Published: Fri Aug 07 2020