Connect a VPN Gateway (virtual network gateway) to Virtual WAN


In this tutorial, we will learn how to connect an Azure VPN Gateway (virtual network gateway) to an Azure Virtual WAN (VPN gateway). Setting up connectivity from a VPN Gateway (virtual network gateway) to a Virtual WAN (VPN gateway) is comparable to connecting to a Virtual WAN from branch VPN sites.

Create a VPN Gateway virtual network gateway

Create an active-active VPN Gateway virtual network gateway for your virtual network. When creating the gateway, you can either use existing public IP addresses for the two instances of the gateway or create new ones. These public IP addresses are used later to set up the Virtual WAN sites.

Active-active mode setting

On the Virtual network gateway Configuration page, enable active-active mode.

BGP setting

You can configure the BGP ASN on the Virtual network gateway Configuration page. Modify the BGP ASN so that it is not 65515, which is used by Azure Virtual WAN and cannot be used as the BGP ASN.

Public IP addresses

After the gateway has been set up, navigate to the Properties page and note the gateway’s two public IP addresses.

Create Virtual WAN VPN sites

To create Virtual WAN VPN sites, go to your virtual WAN and select VPN sites under Connectivity. In this section, you create two Virtual WAN VPN sites, one for each instance of the virtual network gateway you created in the previous section.

  • Firstly, select +Create site.
  • Then, on the Create VPN sites page, type the following values:
    • Region – The same region as the Azure VPN Gateway virtual network gateway.
    • Device vendor – Enter the device vendor (any name).
    • Private address space – Enter a value, or leave blank when BGP is enabled.
    • Border Gateway Protocol – Set to Enable if the Azure VPN Gateway virtual network gateway has BGP enabled.
    • Connect to Hubs – Select the hub you created in the prerequisites from the dropdown. If you don’t see a hub, verify that you created a site-to-site VPN gateway for your hub.
  • Under Links, enter the following values:
    • Provider Name – Enter a Link name and a Provider name (any name).
    • Speed – Enter the speed (any number).
    • IP Address – Enter the IP address (the same as the first public IP address shown under the VPN Gateway virtual network gateway properties).
    • BGP Address and ASN – Enter the BGP address and ASN. These must be the same as one of the BGP peer IP addresses and the ASN from the VPN Gateway virtual network gateway that you configured in Step 1.
  • Then, review and select Confirm to create the site.
  • After that, repeat the previous steps to create the second site, matching the second instance of the VPN Gateway virtual network gateway. Keep the same settings, except use the second public IP address and the second BGP peer IP address from the VPN Gateway configuration.
  • Lastly, you now have two sites successfully provisioned and can proceed to the next section to download configuration files.

Download the VPN configuration files

In this section, you download the VPN configuration file for each of the sites that you created in the previous section.

  • Firstly, at the top of the Virtual WAN VPN sites page, select the Site, then select Download Site-to-site VPN configuration. Azure creates a configuration file with the settings.
  • Then, download and open the configuration file.
  • Lastly, repeat these steps for the second site. Once you have both configuration files open, you can proceed to the next section.

Create the local network gateways

In this step, create two Azure VPN Gateway local network gateways. The gateway configuration parameters are stored in the configuration files downloaded in the previous section. Create and configure the Azure VPN Gateway local network gateways using these parameters.

  • Firstly, create the local network gateway using these settings. For information about how to create a VPN Gateway local network gateway, see the VPN Gateway article Create a local network gateway.
    • IP address – Use the Instance0 IP Address shown for gatewayconfiguration from the configuration file.
    • BGP – If the connection is over BGP, select Configure BGP settings and enter the ASN ‘65515’. Enter the BGP peer IP address. Use ‘Instance0 BgpPeeringAddresses’ for gatewayconfiguration from the configuration file.
    • Subscription, Resource Group, and Location are the same as for the Virtual WAN hub.
  • Then, review and create the local network gateway.
  • After that, repeat these steps to create another local network gateway, but this time, use the ‘Instance1’ values instead of ‘Instance0’ values from the configuration file.
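
As an added example (not part of the original tutorial or of any Microsoft tooling), the Python script below derives both local network gateway definitions from a downloaded configuration file and enforces the ASN rules stated in this tutorial. The JSON layout, key names, the `local_gateway_settings` function and the sample addresses are assumptions constructed for illustration; adjust them to match the file you actually downloaded.

```python
import ipaddress
import json

VWAN_ASN = 65515  # per the tutorial: used by Azure Virtual WAN

# Constructed sample. The JSON layout and key names are assumptions modelled on
# the fields the tutorial names (gatewayconfiguration, Instance0, BgpPeeringAddresses).
SAMPLE_CONFIG = json.dumps({
    "vpnSiteConnections": [{
        "gatewayConfiguration": {
            "IpAddresses": {"Instance0": "203.0.113.10", "Instance1": "203.0.113.11"},
            "BgpSetting": {
                "Asn": 65515,
                "BgpPeeringAddresses": {"Instance0": "10.1.0.12", "Instance1": "10.1.0.13"},
            },
        },
    }]
})


def local_gateway_settings(config_text, vng_asn):
    """Return one local network gateway definition per hub gateway instance."""
    if vng_asn == VWAN_ASN:
        raise ValueError("virtual network gateway ASN must not be 65515")
    gw = json.loads(config_text)["vpnSiteConnections"][0]["gatewayConfiguration"]
    bgp = gw.get("BgpSetting")  # absent when the connection is not over BGP
    if bgp and bgp["Asn"] != VWAN_ASN:
        raise ValueError(f"unexpected hub ASN {bgp['Asn']}")
    settings = []
    for instance in ("Instance0", "Instance1"):
        # ip_address() raises ValueError on a malformed or truncated value
        ip = ipaddress.ip_address(gw["IpAddresses"][instance])
        entry = {"instance": instance, "ip_address": str(ip)}
        if bgp:
            peer = ipaddress.ip_address(bgp["BgpPeeringAddresses"][instance])
            entry.update(asn=VWAN_ASN, bgp_peer_ip=str(peer))
        settings.append(entry)
    if settings[0]["ip_address"] == settings[1]["ip_address"]:
        raise ValueError("Instance0 and Instance1 share an IP address")
    return settings


if __name__ == "__main__":
    for lng in local_gateway_settings(SAMPLE_CONFIG, vng_asn=65010):
        print(lng)
```
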

Create connections

In this section, create a connection between each of the VPN Gateway local network gateways and the virtual network gateway.

  • Firstly, in the portal, navigate to your virtual network gateway and click Connections. At the top of the Connections page, click +Add to open the Add connection page.
  • Then, on the Add connection page, configure the following values for your connection:
    • Name: Name your connection.
    • Connection type: Select Site-to-site(IPSec)
    • Virtual network gateway: The value is fixed because you are connecting from this gateway.
    • Local network gateway: This connection will connect the virtual network gateway to the local network gateway. Choose one of the local network gateways that you created earlier.
    • Shared Key: Enter a shared key.
    • IKE Protocol: Choose the IKE protocol.
  • Then, click OK to create your connection.
  • You can view the connection in the Connections page of the virtual network gateway.
  • After that, repeat the preceding steps to create a second connection. For the second connection, select the other local network gateway that you created.
  • Lastly, if the connections are over BGP, after you have created your connections, navigate to a connection and select Configuration. On the Configuration page, for BGP, select Enabled. Then, click Save. Repeat for the second connection.

Test connections

Create two virtual machines, one on the side of the VPN Gateway virtual network gateway and the other on a virtual network for the Virtual WAN, and then ping the two virtual machines to test connectivity.

  • Firstly, create a virtual machine in the virtual network (Test1-VNet) for Azure VPN Gateway (Test1-VNG). Do not create the virtual machine in the GatewaySubnet.
  • Secondly, create another virtual network to connect to the virtual WAN. Create a virtual machine in a subnet of this virtual network. This virtual network cannot contain any virtual network gateways.
  • Then, connect the VNet to the Virtual WAN hub. On the page for your virtual WAN, select Virtual network connections, then +Add connection. On the Add connection page, fill in the following fields:
    • Connection name – Name your connection.
    • Hubs – Select the hub you want to associate with this connection.
    • Subscription – Verify the subscription.
    • Virtual network – Select the virtual network you want to connect to this hub. The virtual network cannot have an already existing virtual network gateway.
      Click OK to create the virtual network connection.
  • Lastly, connectivity is now set between the VMs. You should be able to ping one VM from the other, unless there are any firewalls or other policies blocking the communication.

Reference: Microsoft Documentation
