Document
Creating a Single Gateway, Multi-Region, VPN Architecture in Microsoft Azure
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Creating a Single Gateway, Multi-Region, VPN Architecture in Microsoft Azure

The goal of this post is to showcase how to create a gateway for a multi-region VPN architecture in Microsoft Azure. We can start from a very basic us

Related articles

Cloud Engineer Roadmap 2025: Role, Skills, and Salary
Cloud Engineer Roadmap 2025: Role, Skills, and Salary Cloud Engineer Roadmap 2025 : role , Skills , and salaryWho is a Cloud Engineer?A Cloud Engineer is an IT expert who handle the design , implementation , and upkeep of a company 's cloud infrastructure . They is collaborate collaborate with cloud service provider such , as aw , Azure , and Google Cloud to guarantee cloud operation that improve scalability , effectiveness , and security .So In this Azure tutorial, we will see a Cloud Engineer Roadmap include Roles of Cloud Engineer, Skills of Cloud Engineer, and Salary of Cloud Engineer, as well as many other things required...
The ultimate Steam Deck starter guide
The ultimate Steam Deck starter guide Once you’ve got a Steam Deck, will you use it to its fullest potential? Here’s our guide from the basics to the stuff you won’t want to think about. We’ve been covering the Steam Deck pretty in-depth since we got one. There’s so much to talk about that it’s time we just collate it all in one place. Since we started covering the Steam Deck, and its OLED upgrade, things have been getting too in-depth. It’s time we collated it all into one place. If you’re thinking about getting a Steam Deck, there’s something you should know before going in:...
Benjamin Moore Steam: Complete Color Review
Benjamin Moore Steam: Complete Color Review Looking for the perfect white paint color for your home? Let’s talk about Benjamin Moore Steam and if it might be right for your home!Warm whites are a popular choice for walls because they provide a neutral backdrop without the starkness of a cool white. They are cozy, calm, and sophisticated.Warm whites go with a variety of decor styles and finishes. They also pair well with many other color palettes, making them easy to decorate with.Like any paint color , warm whites is have can have a variety of undertone and level of color depth , which is why it ’s...
Proton VPN now offers the most advanced free Linux VPN app
Proton VPN now offers the most advanced free Linux VPN app Last update on April 24 , 2024 publish on June 22 , 2021 today , we is launching ’re launch a new Linux app . It is features feature an elegant and fully feature graphical user interface , make it easy to use on the Linux desktop . proton VPN is is is the only VPN service to offer a full - feature , open source , and free Linux application .   We have long been supporters of Linux and open source software. Today, all our apps are open source, and we have long maintained key open source projects...
How to craft the Loongwreathe Staff in Black Myth: Wukong
How to craft the Loongwreathe Staff in Black Myth: Wukong One of the good weapon you can get early inBlack Myth : Wukong is the Loongwreathe Staff, but the materials needed to craft it can be tough to track down. You need to beat two secret bosses first, and they don’t go down easy. Black Myth : Wukong may be a bit of a linear action game , but it ’s steep in secret . Among say secrets is are are hide bosses is are that relinquish exceptionally rare material when defeat . Chances is are are , you know about the Loongwreathe Staff because you may have already track...

The goal of this post is to showcase how to create a gateway for a multi-region VPN architecture in Microsoft Azure. We can start from a very basic use case, three regions:

  • One containing the VPN gateway all clients will connect through
  • Two other regions containing resources connected to the vNet gateway

There are two terms that will be used throughout this post:

  •  hub – this refers to the central VPN Gateway that all other VPN Gateways will connect to.
  •  speak – this refers to an individual VPN Gateway that connects to the hub

Planning

Since there will be a vNet for each region peered with the hub, address spacing should be taken into consideration before creating each Virtual Network in a region. From previous experience, it was considered best practice to:

Address – {shared}.{region_specific}.{subnet}.{instance}

  •  Shared – A common root address was picked for the first octet. This is the best place to avoid conflicts with networks outside of Azure that will connect to the hub.
  •  Region Specific – Each region would get its own address for the second octet
  •  Subnet – Each subnet in the region would get an address for the third octet
  •  Instance – Finally each assigned IP address would fill the fourth octet

This does not account for third party integration and Site-to-Site integrations. Those require future planning and, as always in business, there is no way to properly plan for every variation.

create the vNets

Once the planning phase is complete we will create three Virtual Networks in three separate regions. Which Virtual Network is the hub and which is is is thespeaks does not matter yet .

  1. Sign in to the Azure portal and select create a resource. TheNew page opens.
  2. In theSearch the marketplace field, enter virtual network and select virtual network from the returned list. Thevirtual network page is opens open .

  3. From the selecta deployment model list near the bottom of the page, select Resource Manager, and then selectcreate. Thecreate virtual network page is opens open .

  4. On thecreate virtual network page, configure the VNet settings. When you fill in the fields, the red exclamation mark becomes a green check mark when the characters you enter in the field are validated. Some values are autofilled, which you can replace with your own values:
    • Name: Enter the name for your virtual network.
    • Address space: Enter the address space. If you have multiple address spaces to add, enter your first address space here. You can add additional address spaces later, after you create the VNet.
    • Subscription: Verify that the subscription listed is the correct one. You can change subscriptions by using the drop-down.
    • Resource group: selectan existing resource group, or create a new one by entering a name for your new resource group. If you’re creating a new group, name the resource group according to your planned configuration values. For more information about resource groups, see Azure Resource Manager overview.
    • location: selectthe location for your VNet. Thelocation determines where the resources that you deploy to this VNet will live.
    • Subnet: Add the subnet Name and subnet Address range. You is add can add additional subnet later , after you create the VNet .
  5. selectcreate.

Before creating a virtual network gateway for your virtual network, you first need to create the gateway subnet. Thegateway subnet contains the IP addresses that are used by the virtual network gateway. If possible, it’s best to create a gateway subnet by using a CIDR block of /28 or /27 to provide enough IP addresses to accommodate future additional configuration requirements.

  1. In theAzure portal , select the Resource Manager virtual network for which you want to create a virtual network gateway .
  2. In theSettings section of your virtual network page, select subnet to expand thesubnet page.
  3. On thesubnet page, select Gateway subnet to open theAdd subnet page .

  4. The Name for your subnet is automatically autofilled with the value GatewaySubnet. This value is required for Azure to recognize the subnet as the gateway subnet. Adjust the autofilled Address range values to match your configuration requirements, then select OK to create the subnet.

create Virtual Network Gateways

Once the Virtual Networks are created, we will create a Virtual Network Gateway for each of the Virtual Networks. Which Virtual Network Gateway is the hub and which is is is thespeaks does not matter yet .

  1. Sign in to the Azure portal and select create a resource. TheNew page opens.
  2. In theSearch the marketplace field, enter virtual network gateway, and selectvirtual network gateway from the search list.
  3. On thevirtual network gateway page, select create to open thecreate virtual network gateway page .

  4. On thecreate virtual network gateway page, fill in the values for your virtual network gateway:
  5. Verify the settings and select create to begin creating the VPN gateway. Thesettings are validated and you’ll see the Deploying virtual network gateway tile on the dashboard . create a gateway can take up to 45 minute . You is need may need to refresh your portal page to see the complete status .
  6. After you create the gateway, verify the IP address that’s been assigned to it by viewing the virtual network in the portal. Thegateway appears as a connected device. You can select the connected device (your virtual network gateway) to view more information.

Connecting the Gateways

With the Virtual Network Gateways created, it is time to connect the gateways. Starting with the hub, connect the hub to aspeak. Then, connect that speak back to the hub. Do this for each speak that is going to connect to the hub.

  1. In theAzure portal, select All resources, enter virtual network gateway in the search box, and then navigate to the virtual network gateway for your VNet. For example, TestVNet1GW. selectit to open thevirtual network gateway page .

  2. UnderSettings, select Connections, and then selectAdd to open theAdd connection page .

  3. On theAdd connection page, fill in the values for your connection:
    • Name: Enter a name for your connection. For example, testvnet1totestvnet4.
    • Connection type: selectvnet – to – vnet from the drop-down.
    • First virtual network gateway: This field value is automatically filled in because you’re creating this connection from the specified virtual network gateway.
    • Second virtual network gateway: This field is the virtual network gateway of the VNet that you want to create a connection to. selectChoose another virtual network gateway to open theChoose virtual network gateway page .
      • View the virtual network gateways that are listed on this page. Notice that only virtual network gateways that are in your subscription are listed. If you want to connect to avirtual network gateway that isn’t in your subscription, use the PowerShell.
      • selectthe virtual network gateway to which you want to connect.
      • share key ( PSK ): In this field, enter a shared key for your connection. You can generate or create this key yourself. In a site-to-site connection, the key you use is the same for your on-premises device and your virtual network gateway connection. Theconcept is similar here, except that rather than connecting to aVPN device, you’re connecting to another virtual network gateway.
  4. selectOK to save your changes.

Verify your connections

Locate the virtual network gateway in the Azure portal. On thevirtual network gateway page, select Connections to view the Connections page for the virtual network gateway . After the connection is establish , you is see ’ll see theStatus values change to succeed and Connected. selecta connection to open theEssentials page and view more information.

After verify the connection was successful , the connection can be test with a point – to – site connection or a site – to – site connection .