
Configure a Site-to-Site VPN in the Management Portal

Updated: November 11, 2014

You have two options for creating and configuring a virtual network. You can either configure your network manually by using a network configuration file, or you can use the wizard in the Management Portal. The first time you create a virtual network in Azure, we recommend using the Custom Create wizard in the Management Portal. This wizard creates a network configuration file (.xml) for your virtual network. After you create your first virtual network using the Management Portal, you can export the file and use it as a template to create additional virtual networks.

Before beginning:

  • Verify that the VPN device that you want to use meets the requirements necessary to create a cross-premises virtual network connection. See About VPN Devices for Virtual Network for more information.

  • Obtain an externally facing IPv4 address for your VPN device. This IP address is required for a site-to-site configuration and is used for your VPN device, which cannot be located behind a NAT.

Important
If you aren’t familiar with configuring your VPN device or are unfamiliar with the IP address ranges located on your on-premises network configuration, you will need to coordinate with someone who can provide those details for you.

  1. Log in to the Management Portal.

  2. In the lower left-hand corner of the screen, click New. In the navigation pane, click Network Services, and then click Virtual Network. Click Custom Create to begin the configuration wizard.

  3. On the Virtual Network Details page, enter the information below. For more information about the settings on the details page, see the Virtual Network Details page.

    • Name - Name your virtual network. For example, EastUSVNet. You’ll use this virtual network name when you deploy your VMs and PaaS instances, so you may not want to make the name too complicated.

    • Location – The location is directly related to the physical location (region) where you want your resources (VMs) to reside. For example, if you want the VMs that you deploy to this virtual network to be physically located in East US, select that location. You can’t change the region associated with your virtual network after you create it.

  4. On the DNS Servers and VPN Connectivity page, enter the following information, and then click the next arrow on the lower right. For more information about the settings on this page, see the DNS Servers and VPN Connectivity page.

    • DNS Servers - Enter the DNS server name and IP address, or select a previously registered DNS server from the dropdown. This setting does not create a DNS server; it allows you to specify the DNS servers that you want to use for name resolution for this virtual network.

    • Configure Site-To-Site VPN - Select the checkbox for Configure a site-to-site VPN.

    • Local Network – A local network represents your physical on-premises location. You can select a local network that you’ve previously created, or you can create a new local network.

  5. If you’re creating a new local network, you’ll see the Site-To-Site Connectivity page. If you want to use a local network that you previously created, this page will not appear in the wizard and you can move on to the next section. Note that if you use a local network that you previously created, you’ll want to go to the Local Networks configuration page and make sure that the VPN Device IP address (public-facing IPv4 address) for the VPN device is accurate for this local network. To configure a new local network, enter the following information and then click the next arrow. For more information about the settings on this page, see the Site-To-Site Connectivity page.

    • Name - The name you want to call your local (on-premises) network site.

    • VPN Device IP Address - This is the public-facing IPv4 address of your on-premises VPN device that you’ll use to connect to Azure. The VPN device cannot be located behind a NAT.

    • Address Space - including Starting IP and CIDR (Address Count). This is where you specify the address range(s) that you want sent through the virtual network gateway to your local on-premises location. If a destination IP address falls within the ranges that you specify here, it will be routed through the virtual network gateway.

    • Add address space - If you have multiple address ranges that you want sent through the virtual network gateway, this is where you specify each additional address range. You can add or remove ranges later on the Local Network page.

  6. On the Virtual Network Address Spaces page, specify the address range that you want to use for your virtual network. These are the dynamic IP addresses (DIPS) that will be assigned to the VMs and other role instances that you deploy to this virtual network. There are quite a few rules regarding virtual network address space, so you will want to see the Virtual Network Address Spaces page for more information. It’s especially important to select a range that does not overlap with any of the ranges that are used for your on-premises network. You’ll need to coordinate with your network administrator, who may need to carve out a range of IP addresses from your on-premises network address space for you to use for your virtual network.

    Enter the following information, and then click the checkmark on the lower right to configure your network.

    • Address Space - including Starting IP and Address Count. Verify that the address spaces you specify don’t overlap any of the address spaces that you have on your on-premises network.

    • Add subnet - including Starting IP and Address Count. Additional subnets are not required, but you may want to create a separate subnet for VMs that will have static DIPS. Or you might want to have your VMs in a subnet that is separate from your other role instances.

    • Add gateway subnet - Click to add the gateway subnet. The gateway subnet is used only for the virtual network gateway and is required for this configuration.

  7. Click the checkmark on the bottom of the page and your virtual network will begin to create. When it completes, you will see Created listed under Status on the Networks page in the Management Portal.

  8. Next, you’ll configure the virtual network gateway to create a secure site-to-site connection. See Configure a Virtual Network Gateway in the Management Portal for the next steps.
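The address checks from steps 5 and 6 can be run before opening the wizard. The script below is an added example, not part of the original page or of any Microsoft tooling. The function name `preflight`, the sample addresses, and the use of RFC 1918 / RFC 6598 ranges as the sign that a device is behind a NAT are assumptions.

```python
import ipaddress

# Assumption: an address in these ranges (RFC 1918, RFC 6598) means the device is behind a NAT.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def preflight(vpn_device_ip, local_prefixes, vnet_prefixes, subnets, gateway_prefix):
    """Return a list of problems in the values planned for the wizard (hypothetical helper)."""
    problems = []
    # Step 5: the VPN device needs a public-facing IPv4 address.
    try:
        ip = ipaddress.IPv4Address(vpn_device_ip)
        if any(ip in n for n in NAT_RANGES):
            problems.append(f"VPN device IP {ip} is private; device appears to be behind a NAT")
    except ipaddress.AddressValueError:
        problems.append(f"VPN device IP {vpn_device_ip!r} is not an IPv4 address")

    # Step 6: the virtual network address space must not overlap any on-premises range.
    local = [ipaddress.ip_network(p) for p in local_prefixes]
    vnet = [ipaddress.ip_network(p) for p in vnet_prefixes]
    for v in vnet:
        for site in local:
            if v.overlaps(site):
                problems.append(f"virtual network space {v} overlaps local network range {site}")

    # Step 6: the gateway subnet is required; every subnet must sit inside the
    # virtual network address space and must not overlap another subnet.
    nets = {name: ipaddress.ip_network(p) for name, p in subnets.items()}
    if gateway_prefix is None:
        problems.append("gateway subnet is missing; it is required for this configuration")
    else:
        nets["gateway subnet"] = ipaddress.ip_network(gateway_prefix)
    names = list(nets)
    for i, a in enumerate(names):
        if not any(nets[a].subnet_of(v) for v in vnet):
            problems.append(f"{a} {nets[a]} is outside the virtual network address space")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

# Constructed sample values, not taken from the page.
GOOD = preflight("203.0.113.10", ["192.168.0.0/16"], ["10.1.0.0/16"],
                 {"Subnet-1": "10.1.0.0/24"}, "10.1.255.0/29")
BAD = preflight("192.168.1.1", ["10.0.0.0/8"], ["10.1.0.0/16"],
                {"Subnet-1": "10.2.0.0/24"}, None)

if __name__ == "__main__":
    for label, result in (("good plan", GOOD), ("bad plan", BAD)):
        print(label, "->", result or "no problems")
```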

© 2014 Microsoft