Home

Welcome to the Azure-networking wiki! About Azure VPN Gateway | Microsoft Learn

                 Vnet to Vnet connection

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal Azure VNet-to-VNet Connection - Step by Step demo

Azure VNet-to-VNet connection allows virtual networks (VNets) to communicate securely across different regions or subscriptions. This is useful for scenarios like cross-region redundancy, multi-tier applications, and inter-organization communication. Key Concepts 1. VPN Gateway: A VNet-to-VNet connection uses an IPsec/IKE VPN tunnel to establish connectivity. 2. Dynamic Routing: Only Dynamic Routing VPN gateways are supported. 3. Address Space Considerations: Ensure no overlapping address prefixes between connected VNets. 4. Cross-Subscription & Cross-Region: VNets can be connected across different subscriptions and regions. Steps to Configure VNet-to-VNet Connection 1. Create Virtual Networks: o Define VNets with unique address spaces. o Assign subnets within each VNet. 2. Deploy VPN Gateways: o Each VNet requires a VPN Gateway. o Choose Route-based (Dynamic Routing) gateways. 3. Establish Connection: o Configure VNet-to-VNet connection using Azure CLI or Azure Portal. o Use az network vpn-connection create command in CLI. 4. Verify Connectivity: o Check connection status in Azure Portal. o Use ping or traceroute to test communication. Alternative: Virtual Network Peering · Faster & Lower Latency: Direct connection without a VPN. · Same Subscription Only: Works within the same Azure subscription. · No Encryption: Unlike VPN, peering does not encrypt traffic. Real-world use cases for Azure VNet-to-VNet connections:

Cross-Region Geo-Redundancy · Organizations use VNet-to-VNet connections to replicate workloads across different Azure regions. · Example: SQL Server Always On availability groups can be set up across multiple regions for disaster recovery.
Multi-Tier Applications with Isolation · Enterprises often separate application tiers into different VNets for security and administrative boundaries. · Example: A web tier in one VNet and a database tier in another, connected via VNet-to-VNet.
Cross-Subscription Connectivity · Companies with multiple Azure subscriptions can connect VNets securely. · Example: A parent company and its subsidiary can share resources without exposing them to the internet.
Hybrid Cloud Integration · VNet-to-VNet can be combined with on-premises VPN connections for hybrid cloud setups. · Example: A corporate data center connects to an Azure VNet, which then connects to another VNet hosting cloud applications.
Secure Communication Between Business Units · Different departments or business units within an organization can have isolated VNets but still communicate securely. · Example: A finance department and an HR department can exchange data while maintaining network segmentation. Establishing an Azure VNet-to-VNet connectioninvolves setting up a secure IPsec/IKE VPN tunnelbetween two virtual networks (VNets). Here’s a step-by-step breakdown:
Create Virtual Networks · Define two VNets with non-overlapping address spaces. · Assign subnets within each VNet.
Deploy VPN Gateways · Each VNet requires a VPN Gateway. · Choose Route-based (Dynamic Routing) gateways.
Configure Public IPs · Assign a public IP address to each VPN Gateway. · Ensure the IPs are static.
Establish VNet-to-VNet Connection · Use Azure Portal or Azure CLI (az network vpn-connection create). · Define shared key (PSK) for authentication.
Verify Connectivity · Check connection status in Azure Portal. · Use ping or traceroute to test communication. What protocols are used for VNet-to-VNet connections? Azure VNet-to-VNet connections use IPsec/IKE (Internet Protocol Security / Internet Key Exchange) protocols to establish secure communication between virtual networks. These protocols ensure encrypted data transfer over the VPN tunnel. Key Protocols Used
1. IPsec (Internet Protocol Security) – Provides encryption and authentication for secure data transmission.
2. IKEv2 (Internet Key Exchange version 2) – Establishes and manages the VPN connection.
3. ESP (Encapsulating Security Payload) – Ensures data integrity and confidentiality.
4. SHA-256 (Secure Hash Algorithm) – Used for authentication and integrity checks.
5. AES-256 (Advanced Encryption Standard) – Provides strong encryption for data security. These protocols work together to create a secure tunnel between VNets, ensuring confidentiality, integrity, and authentication of transmitted data.

Vnet – Vnet Architecture

We have to create 2 vnets with in same subscription or different subscription or same region or different region and each vnet we should create one subnet and gateway subnet aswell.

Below is my one of the Vnet located in central india location

To create Gateway you can follow below steps Click on Subnet > Subnet purpose > select purpose as Virtual network Gateway It will create one gateway Eash virtual network we can create only one gateway subnet.

We have to create same as another vnet. Below is my another vnet

Now we have to create Virtual network gateway(VPN gateway) on each vnet Go to Azure portal Search and type Virtual network gateway and create

We have to create public ip address to assign the ip to vpn gateway because the Communication will flow by internet with secure tunnel using IPSec/IKEV2 protocals Below I have used existing one we can use existing one if the ip’s will not use any vm’s or gateways.