SALES: 1-800-867-1380

Configure a Virtual Network Gateway in the Management Portal

Updated: April 22, 2014

A virtual network gateway is required to create a secure cross-premises connection. After creating your virtual network, use the following steps to configure the virtual network gateway and gather the information you’ll need to configure your VPN device.

  1. Start the virtual network gateway

  2. Gather information for your VPN device configuration

  3. Configure your VPN Device

  4. Verify your Local Network ranges

  1. On the Networks page, verify that the status column for your virtual network is Created.

  2. In the Name column, click the name of your virtual network.

  3. On the Dashboard page, notice that this VNet doesn’t have a gateway configured yet. You’ll see this status as you go through the steps to configure your gateway.

    Gateway Not Created
  4. At the bottom of the page, click Create Gateway. You can select either Static Routing or Dynamic Routing.

    The routing type you select depends on a number of factors. For example, what your VPN device will support and whether you need to support point-to-site connections. Check About VPN Devices for Virtual Network to verify the routing type that you need. Once the gateway has been created, you can’t change between gateway types without deleting and re-creating the gateway. When the system prompts you to confirm that you want the gateway created, click Yes.

    Gateway Type

  5. When your gateway is creating, notice the gateway graphic on the page changes to yellow and says Creating Gateway. It may take up to 15 minutes for the gateway to create. You’ll have to wait until the gateway is complete before you can move forward with other configuration settings.

    Gateway Creating
  6. When the gateway changes to Connecting, you can gather the information you’ll need for your VPN device.

    Gateway Connecting

After the gateway has been created, gather information for your VPN device configuration. This information is located on the Dashboard page for your virtual network:

  1. Gateway IP address - The IP address can be found on the Dashboard page. You won’t be able to see it until after your gateway has finished creating.

  2. Shared key - Click Manage Key at the bottom of the screen. Click the icon next to the key in order to copy it to your clipboard, and then paste and save the key.

    Manage Key
  3. VPN Configuration Script Template - On the Dashboard page, under quick glance, click Download VPN Device Script. On the Download VPN Device Config Script dialog box, select the vendor, platform, and operating system for your company’s VPN device. Click the checkmark button and save the file. If you don’t see your VPN device in the drop-down list, see About VPN Devices for Virtual Network in the MSDN library for additional script templates. If you will be using RRAS as your VPN device, see Configure a Site-to-Site VPN using Windows Server 2012 Routing and Remote Access Service (RRAS) for more information about using the PowerShell script.

    This is also a good time to make sure that you’ve created the right Gateway Type (Dynamic or Static Routing).

    VPN Device Template

After completing the previous steps, you or your network administrator will need configure the VPN device in order to create the connection. See About VPN Devices for Virtual Network for more information about VPN devices.

After the VPN device has been configured, you can view your updated connection information on the Dashboard page for your VNet.

You can also run one of the following commands to test your connection:

 

  Cisco ASA Cisco ISR/ASR Juniper SSG/ISG Juniper SRX/J

Check main mode SAs

show crypto isakmp sa

show crypto isakmp sa

get ike cookie

show security ike security-association

Check quick mode SAs

show crypto ipsec sa

show crypto ipsec sa

get sa

show security ipsec security-association

In order for traffic to flow through the gateway to your on-premises location, you’ll also need to verify that you have listed each local network range. You may have listed local address ranges when you created your virtual network, but if you need to add more ranges or edit the ranges that you specified, you can do so on the Networks page in the management portal. Just click Networks on the left portal pane and then select Local Networks at the top of the page. Traffic that is bound for an IP address that is contained within the ranges listed will then be sent through the virtual network gateway.
Note: The IP address ranges that you list do not have to be private ranges, although you will want to verify that your on-premises configuration is able to receive the inbound traffic.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft