
About Virtual Network Settings in the Management Portal

Updated: January 17, 2014

You have two options for creating and configuring a virtual network. You can either configure your network manually by using a network configuration file, or you can configure your virtual network by using the Management Portal. The first time you create a virtual network in Windows Azure, we recommend using the Custom Create wizard in the Management Portal. This wizard creates a network configuration file (.xml) for your virtual network. After you create your first virtual network via the Management Portal, you can then export the .xml configuration file and use it as a template for creating additional virtual networks. For information about manually creating a virtual network, see Configure a Virtual Network Using a Network Configuration File.

The following sections provide details for the information you will enter on each screen in the Management Portal’s Custom Create wizard for virtual networks.
In the Custom Create wizard, you will fill out some or all of the following pages, depending on your configuration choices:

Virtual Network Details page

DNS Servers and VPN Connectivity page

Point-To-Site Connectivity page

Site-To-Site Connectivity page

Virtual Network Address Spaces page

On the Virtual Network Details page, you will create a name for your virtual network and assign it to an affinity group and region.

  • NAME: The name of your virtual network.

    Naming rules:

    • Names must be unique within a Windows Azure subscription.

    • Names must start with a letter or number, and must contain only letters, numbers, or dashes. Spaces are not allowed.

    • Name cannot be changed after the virtual network is deployed.

    • Required

  • AFFINITY GROUP: The affinity group your virtual network is assigned to. You can create a new affinity group or select an existing affinity group. Affinity groups provide a way to physically group Windows Azure services together at the same data center to improve performance.

    Affinity group rules:

    • All virtual networks must be assigned to an affinity group.

    • The assigned affinity group cannot be changed after the virtual network is deployed.

    • Required

    For more information about affinity groups, see About Affinity Groups for Virtual Network.

  • REGION: The region your affinity group is assigned to. Regions determine the geographic area of the data center that stores your virtual network. For best performance, select a region close to where your users are located.

    Region rules:

    • Cannot be changed

    • Required

  • AFFINITY GROUP NAME: The name of the new affinity group.

    Affinity group name rules:

    • Must be unique within a Windows Azure subscription

    • Must start with a letter or number, and must contain only letters, numbers, or dashes. Spaces are not allowed.

    • Cannot be changed

    • Required if you select Create a new affinity group on this screen

On the DNS Servers and VPN Connectivity page, you will specify the IP address of the DNS server(s) to use for name resolution. If you do not specify a DNS Server, Windows Azure will use its own default DNS service. If you elect to use the Windows Azure default DNS service, you will not be able to resolve hostnames cross-premises.
DNS servers can be changed after your VPN has been created. However, if you have deployed virtual machines to the VPN, you must reboot them in order for them to point to the new DNS server. It is important to identify your name resolution requirements before you create your VPN if you want to create a cross-premises solution. For more information to help with this planning, see Name Resolution (DNS).

  • DNS SERVERS: The DNS Server(s) you want the virtual network to use. You can select an existing DNS Server that you have previously registered from the dropdown, or you can register a new DNS server. Note that you do not create a DNS server on this page, but rather reference a DNS server that already exists that you want to point to for name resolution.

    DNS Server rules:

    • Names must start with a letter or number, and must contain only letters, numbers, or dashes. Spaces are not allowed.

    • Names must be unique within a Windows Azure subscription.

    • You can add up to nine DNS servers.

    • Only IPv4 addresses are permitted.

    • Required if you want to connect to your company’s DNS server or a public DNS server.

  • Configure Point-To-Site VPN: If you want to configure on-premises client computers to connect to your virtual network and access resources by using VPN software and certificates, select this option. For more information about secure cross-premises connections, see About Secure Cross-Premises Connectivity.

  • Configure Site-To-Site VPN: If you want to configure a secure site-to-site cross-premises connection using a VPN device, select this option. When you select this option, you can select the name of a local network that you have already configured which specifies the IP address ranges that exist on your on-premises location. The IP address ranges listed will be sent through the virtual network gateway. If you haven’t created a local network, you can do so on the Site-to-Site Connectivity page of the wizard. For more information about secure cross-premises connections, see About Secure Cross-Premises Connectivity. For more information about VPN devices, see About VPN Devices for Virtual Network.

The Point-To-Site Connectivity page appears only if you selected Configure Point-To-Site VPN on the DNS and VPN Connectivity Screen. On this screen, you will specify the information that will configure the address space to be used for your point-to-site connection.

  • ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a point-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.

    Address space rules:

    • Address space must be private

    • Address space must be a private address range, specified in CIDR notation: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 (as specified by RFC 1918). Note that the following routes will be added to the client, respectively, for directing traffic from the local machine to the virtual network: 10.0.0.0/255.0.0.0, 172.16.0.0/255.255.0.0, or 192.168.0.0/255.255.255.0. This means that, for example, you may not be able to contact other 10.0.0.0/8 addresses on your local subnet if you have specified 10.0.0.0/8 for your VPN client address space.

    • Cannot overlap other virtual network or local network sites

    • Required if you have selected to configure point-to-site connectivity
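The routing caveat above can be checked before choosing a client address space. The following is an added example, not part of the original page: it takes the block-to-route pairs exactly as listed above and runs a longest-prefix match over a client's route table. The function names, the sample addresses, and the choice to count an equal-length prefix as sent to the VPN are assumptions made for illustration.

```python
import ipaddress

# Client-side route added for each permitted block, exactly as the page lists them.
PAGE_ROUTES = {
    "10.0.0.0/8": "10.0.0.0/255.0.0.0",
    "172.16.0.0/12": "172.16.0.0/255.255.0.0",
    "192.168.0.0/16": "192.168.0.0/255.255.255.0",
}


def vpn_route_for(client_space):
    """Return the route the page says is added for this client address space."""
    space = ipaddress.ip_network(client_space)
    for block, route in PAGE_ROUTES.items():
        if space.subnet_of(ipaddress.ip_network(block)):
            return ipaddress.ip_network(route)
    raise ValueError(f"{space} is not inside an RFC 1918 range")


def next_hop(dest, table):
    """Longest-prefix match over (network, interface) pairs.

    max() keeps the first of equal prefixes, so the VPN route is listed
    first and an equal-length tie counts as 'vpn' (assumption: real
    clients break such ties by route metric, which is not modelled).
    """
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, iface) for net, iface in table if addr in net]
    return max(matches, key=lambda m: m[0])[1]


def shadowed_destinations(client_space, lan, destinations):
    """List on-premises destinations that would be sent into the VPN."""
    table = [
        (vpn_route_for(client_space), "vpn"),
        (ipaddress.ip_network(lan), "lan"),            # on-link subnet
        (ipaddress.ip_network("0.0.0.0/0"), "lan"),    # default gateway
    ]
    return [d for d in destinations if next_hop(d, table) == "vpn"]


if __name__ == "__main__":
    # Constructed sample: office LAN 10.20.30.0/24, VPN client pool in 10.0.0.0/8.
    hosts = ["10.20.30.15", "10.50.1.10", "192.168.5.5"]
    print(shadowed_destinations("10.0.0.0/24", "10.20.30.0/24", hosts))
```

A non-empty result means those on-premises hosts stop being reachable from the client while the VPN is connected, so a client address space in a different RFC 1918 block is the safer choice.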

The Site-To-Site Connectivity page appears only if you selected Configure Site-To-Site VPN on the DNS and VPN Connectivity Screen. On this screen, you will specify the VPN Device IP address that you will use for this virtual network and specify the address ranges that you want to send through the virtual network gateway. You will need to specify each range that you want to send through the gateway to your local network. The ranges that you specify here will appear on the Local Networks page after the configuration is complete. You can add and remove ranges later on the Local Networks page in the portal.

  • NAME: The name that you want to use to refer to your local network site.

  • VPN DEVICE IP ADDRESS: This is the public-facing IPv4 address for your VPN device. Note that the VPN device cannot be located behind a NAT.

  • ADDRESS SPACE: The address ranges that you want Windows Azure to send through the gateway to your local network. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.

    Address space rules:

    • Cannot overlap other virtual network or local network sites

    • Required if you have selected to configure site-to-site connectivity

On the Virtual Network Address Spaces page, you will create the private address space for your new virtual network.

  • ADDRESS SPACE: The address space for your virtual network. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.

    Address space rules:

    • Address space must be private

    • Address space must be a private address range, specified in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 (as specified by RFC 1918)

    • Cannot overlap other virtual network or local network sites

    • Required

  • add subnet: The names and IPs for subnets to be created in your virtual network. Click add subnet to add additional subnets.

    Subnet rules:

    • Subnet IPs must be within the virtual network address space.

    • You can add multiple subnets to a virtual network.

    • Subnet IP addresses cannot overlap within the virtual network.

    • The smallest supported subnet is /29.

    • Adding a subnet is optional.

  • add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.
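The naming, address space and subnet rules above can be checked against a planned configuration before it is entered in the wizard. The following is an added example, not Microsoft's code and not part of the original page. The function name, its parameters and the sample plan are assumptions, and `other_networks` stands for the other virtual network and local network site ranges in the subscription.

```python
import ipaddress
import re

# RFC 1918 ranges the page permits for virtual network address space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Naming rule: starts with a letter or number; letters, numbers, dashes only.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")


def validate_vnet(name, address_spaces, subnets, other_networks=()):
    """Return rule violations for a planned virtual network (hypothetical helper)."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append(f"name {name!r}: invalid characters")
    spaces = [ipaddress.ip_network(s) for s in address_spaces]
    others = [ipaddress.ip_network(s) for s in other_networks]
    for sp in spaces:
        if not any(sp.subnet_of(block) for block in RFC1918):
            errors.append(f"{sp}: not inside an RFC 1918 range")
        for other in others:
            if sp.overlaps(other):
                errors.append(f"{sp}: overlaps existing network {other}")
    nets = {n: ipaddress.ip_network(c) for n, c in subnets.items()}
    for sub_name, net in nets.items():
        if not any(net.subnet_of(sp) for sp in spaces):
            errors.append(f"subnet {sub_name} {net}: outside address space")
        if net.prefixlen > 29:  # /30 and longer are below the /29 minimum
            errors.append(f"subnet {sub_name} {net}: smaller than /29")
    items = list(nets.items())
    for i, (a_name, a) in enumerate(items):
        for b_name, b in items[i + 1:]:
            if a.overlaps(b):
                errors.append(f"subnets {a_name} and {b_name} overlap")
    return errors


if __name__ == "__main__":
    # Constructed plan that breaks several rules at once.
    problems = validate_vnet(
        "corp vnet", ["10.1.0.0/16", "11.0.0.0/24"],
        {"frontend": "10.1.0.0/24", "backend": "10.1.0.128/25",
         "tiny": "10.1.9.0/30", "stray": "10.2.0.0/24"},
        other_networks=["10.1.128.0/17"])
    print("\n".join(problems))
```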

© 2014 Microsoft