2024-09-05
      No Comments
      Sharyl Barnes

S2S VPN Configuration

To configure an S2S VPN tunnel using Azure VPN Gateway, we will use a Windows server with RRAS features installed. This will work as the equivalent of an on-premises appliance that would typically run a persistent connection with the VPN gateway. An S2S tunnel is typically designed to be persistent:

  1. Navigate to your VPN resource group.
  2. Click + Create on the Overview screen for the resource group.
  3. Type local network gateway in the search bar and press Enter/Return. Click Virtual network gateway from the options that are returned:

Figure 17.29 – Choosing Local network gateway

  1. Click Create.
  2. Enter the following and click Review + create:
  • Subscription: Select your Azure subscription.
  • Resource Group: AZ104-VPNGateway.
  • Region: West Europe (or select what you prefer).
  • Name: VPNServer.
  • Endpoint: IP address.
  • IP address: Enter the IP address of the VM you spun up in the previous exercise.
  • Address Space(s): 99.0.0.0/24.
  1. Click Create.
  2. Navigate to the VPN gateway you deployed earlier in the chapter.
  3. Click on Connections under the Settings context.
  4. Enter the following and click OK:
  • Name: Azureto2019.
  • Connection type: Site-to-site (IPsec).
  • Virtual network gateway: The gateway you configured earlier.
  • Local network gateway: Select the one you created in the previous steps.
  • Shared key: Paste your key used in the previous exercise.
  • Use Azure Private IP Address: Unselected.
  • IKE protocol: IKEv2.
  1. Now that you have configured the S2S components, go back to your VPN server and navigate to the Routing and Remote Access window.
  2. Click Network Interfaces and right-click on your Azure VPN interface and click Connect. If all is configured correctly, you should successfully connect:

Figure 17.30 – RRAS VPN connection

Now that you have configured your Windows VPN server, we will test it in the next section.

Verify connectivity via the Azure portal

To verify connectivity, follow these steps:

  1. Navigate to your VPN Gateway resource on the Azure portal.
  2. Click Connections under the Settings context. Note the connection on the right-hand side of the screen; a status of Connected shows that the tunnel has been successfully established. If the view does not update, there is also a refresh button at the top of the page:

Figure 17.31 – S2S connected in Azure

In the next section, we will explore VNet to VNet connectivity.