# Creating a VPN Topology
# Create the Virtual Networks
# Create the Virtual Network in Azure
# Azure-side virtual network: address space 10.0.0.0/16 with an initial
# "Services" subnet on 10.0.0.0/24.
az network vnet create \
  --name Azure-VNet-1 \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --address-prefix "10.0.0.0/16" \
  --subnet-name Services \
  --subnet-prefix "10.0.0.0/24"
# Dedicated /27 subnet for the VPN gateway inside Azure-VNet-1. Azure requires
# the gateway subnet to carry the exact name "GatewaySubnet".
az network vnet subnet create \
  --name GatewaySubnet \
  --vnet-name Azure-VNet-1 \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --address-prefix "10.0.255.0/27"
# Local network gateway that describes the head-office side (172.16.0.0/16) to
# Azure. The gateway IP given here is a stand-in value; this walkthrough replaces
# it later with `az network local-gateway update` once the real public IP exists.
az network local-gateway create \
  --name LNG-HQ-Network \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --local-address-prefixes "172.16.0.0/16" \
  --gateway-ip-address "94.0.252.160"
# Create a Simulated Head Office Virtual Network in Azure
# Simulated head-office network: address space 172.16.0.0/16 with an initial
# "Applications" subnet on 172.16.0.0/24. It must not overlap the 10.0.0.0/16
# space used on the Azure side, or routing across the tunnel becomes ambiguous.
az network vnet create \
  --name HQ-Network \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --address-prefix "172.16.0.0/16" \
  --subnet-name Applications \
  --subnet-prefix "172.16.0.0/24"
# Dedicated /27 subnet for the VPN gateway inside HQ-Network. Azure requires
# the gateway subnet to carry the exact name "GatewaySubnet".
az network vnet subnet create \
  --name GatewaySubnet \
  --vnet-name HQ-Network \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --address-prefix "172.16.255.0/27"
# Local network gateway that describes the Azure-VNet-1 side (10.0.0.0/16) to
# the head-office gateway. The gateway IP given here is a stand-in value; this
# walkthrough replaces it later with `az network local-gateway update`.
az network local-gateway create \
  --name LNG-Azure-VNet-1 \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --local-address-prefixes "10.0.0.0/16" \
  --gateway-ip-address "94.0.252.160"
# View the Network Topology
# List the virtual networks as a table. No resource group filter is given, so
# this is not limited to the two networks created above.
az network vnet list \
  --output table
# View the local network gateways
# Table view of the local network gateways in the resource group; use it to
# confirm the names, address prefixes and gateway IPs recorded so far.
az network local-gateway list \
  --output table \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647
# Create the Virtual Network Gateways
# Create a public IP for the Azure Virtual Network
# Public IP resource that the Azure-VNet-1 VPN gateway will use as its
# internet-facing tunnel endpoint. Allocation is Dynamic, so the address is
# looked up later rather than known at creation time.
az network public-ip create \
  --name PIP-VNG-Azure-VNet-1 \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --allocation-method Dynamic
# Create a virtual network gateway in the Azure Virtual Network
# Route-based VPN gateway (SKU VpnGw1) for Azure-VNet-1, bound to the public IP
# PIP-VNG-Azure-VNet-1. --no-wait returns immediately; the gateway is NOT usable
# until its provisioning state reports Succeeded, so later steps must check first.
az network vnet-gateway create \
  --name VNG-Azure-VNet-1 \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --vnet Azure-VNet-1 \
  --public-ip-address PIP-VNG-Azure-VNet-1 \
  --gateway-type Vpn \
  --vpn-type RouteBased \
  --sku VpnGw1 \
  --no-wait
--no-wait: Tells `az` not to wait for the command to complete, because provisioning a virtual network gateway can take up to 45 minutes.
# Create a public IP for the Simulated Head Office Azure Virtual Network
# Public IP resource that the HQ-Network VPN gateway will use as its
# internet-facing tunnel endpoint. Allocation is Dynamic, so the address is
# looked up later rather than known at creation time.
az network public-ip create \
  --name PIP-VNG-HQ-Network \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --allocation-method Dynamic
# Create a virtual network gateway in the Simulated Head Office Azure Virtual Network
# Route-based VPN gateway (SKU VpnGw1) for HQ-Network, bound to the public IP
# PIP-VNG-HQ-Network. --no-wait returns immediately; the gateway is NOT usable
# until its provisioning state reports Succeeded, so later steps must check first.
az network vnet-gateway create \
  --name VNG-HQ-Network \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --vnet HQ-Network \
  --public-ip-address PIP-VNG-HQ-Network \
  --gateway-type Vpn \
  --vpn-type RouteBased \
  --sku VpnGw1 \
  --no-wait
--no-wait: Tells `az` not to wait for the command to complete, because provisioning a virtual network gateway can take up to 45 minutes.
# Run the Linux `watch' command to wait for provision to succeed
Wait for the provisioning status to become 'Succeeded'.
# Poll the gateway list every 5 seconds and highlight what changed between
# refreshes. watch keeps running until interrupted; stop it by hand once both
# gateways report a provisioning state of Succeeded.
watch -d -n 5 \
  az network vnet-gateway list \
  --output table \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647
-d :Tells `watch' to highlight differences.
-n 5 :Tells `watch' to rerun the command every 5 seconds.
# Double-check that the provisioning status for the virtual network gateways is 'Succeeded'.
# One-shot check: the JMESPath filter keeps only gateways whose
# provisioningState is 'Succeeded'. Both VNG-Azure-VNet-1 and VNG-HQ-Network
# should be listed; a missing row means that gateway is not ready yet.
az network vnet-gateway list \
  --output table \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --query "[?provisioningState=='Succeeded']"
# Retrieve the public IP for the Azure Virtual Network, and update the virtual network with the IP
# Capture the address now assigned to PIP-VNG-Azure-VNet-1. The query selects
# only ipAddress and tsv output strips the JSON quoting, so the variable holds
# the bare address. NOTE(review): the value may be empty if the gateway has not
# finished provisioning - confirm before using it.
PIPVNGAZUREVNET1=$(
  az network public-ip show \
    --name PIP-VNG-Azure-VNet-1 \
    --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --output tsv \
    --query "[ipAddress]"
)
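# Point the local network gateway LNG-Azure-VNet-1 at the real public IP of the
# Azure-VNet-1 VPN gateway, replacing the stand-in address set at creation.
# The expansion is quoted, and ${...:?} stops the command with a message when
# PIPVNGAZUREVNET1 is unset or empty (for example, the public IP had no address
# yet), instead of running az with --gateway-ip-address missing its value.
az network local-gateway update \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --name LNG-Azure-VNet-1 \
  --gateway-ip-address "${PIPVNGAZUREVNET1:?public IP for PIP-VNG-Azure-VNet-1 is empty}"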
# Do the same thing for the Simulated Head Office Azure Virtual Network
# Capture the address now assigned to PIP-VNG-HQ-Network. The query selects
# only ipAddress and tsv output strips the JSON quoting, so the variable holds
# the bare address. NOTE(review): the value may be empty if the gateway has not
# finished provisioning - confirm before using it.
PIPVNGHQNETWORK=$(
  az network public-ip show \
    --name PIP-VNG-HQ-Network \
    --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --output tsv \
    --query "[ipAddress]"
)
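# Point the local network gateway LNG-HQ-Network at the real public IP of the
# HQ-Network VPN gateway, replacing the stand-in address set at creation.
# The expansion is quoted, and ${...:?} stops the command with a message when
# PIPVNGHQNETWORK is unset or empty (for example, the public IP had no address
# yet), instead of running az with --gateway-ip-address missing its value.
az network local-gateway update \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --name LNG-HQ-Network \
  --gateway-ip-address "${PIPVNGHQNETWORK:?public IP for PIP-VNG-HQ-Network is empty}"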
# Connect the Networks Together
# Create a shared key to use for the connections.
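# Pre-shared key for both VPN connections. It is generated from the kernel
# CSPRNG (32 random bytes, hex-encoded to 64 characters) rather than typed by
# hand, so it is not guessable and contains no characters that need escaping.
# Both connections must use this same value. Treat it as a secret: do not echo
# it, and do not paste it into scripts or notes that get committed or shared.
SHAREDKEY=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')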
# Create the connection from the Azure Virtual Network to the Simulated Head Office Virtual Network.
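# Azure-VNet-1 -> HQ-Network half of the site-to-site connection: it pairs the
# VPN gateway VNG-Azure-VNet-1 with the local network gateway LNG-HQ-Network.
# The key expansion is quoted so it always reaches az as one argument, and
# ${...:?} stops the command when SHAREDKEY is unset or empty instead of
# running az with --shared-key missing its value.
# NOTE: the key is passed as a command-line argument, so it can be seen in the
# local process list while az runs; run this from a host you control.
az network vpn-connection create \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --name Azure-VNet-1-To-HQ-Network \
  --vnet-gateway1 VNG-Azure-VNet-1 \
  --local-gateway2 LNG-HQ-Network \
  --shared-key "${SHAREDKEY:?SHAREDKEY is not set}"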
# Create the connection from the Simulated Head Office Azure Virtual Network to the Azure Virtual Network.
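# HQ-Network -> Azure-VNet-1 half of the site-to-site connection: it pairs the
# VPN gateway VNG-HQ-Network with the local network gateway LNG-Azure-VNet-1.
# It must use the same key as the opposite direction. The key expansion is
# quoted so it always reaches az as one argument, and ${...:?} stops the
# command when SHAREDKEY is unset or empty instead of running az with
# --shared-key missing its value.
# NOTE: the key is passed as a command-line argument, so it can be seen in the
# local process list while az runs; run this from a host you control.
az network vpn-connection create \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --name HQ-Network-To-Azure-VNet-1 \
  --vnet-gateway1 VNG-HQ-Network \
  --local-gateway2 LNG-Azure-VNet-1 \
  --shared-key "${SHAREDKEY:?SHAREDKEY is not set}"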
# Verify the Network Connections
# Confirm that the Azure Virtual Network is Connected
# Report the name and connectionStatus of the Azure-VNet-1 -> HQ-Network
# connection. Anything other than a connected status means the tunnel is not
# carrying traffic yet (key mismatch and wrong peer IP are the usual suspects).
az network vpn-connection show \
  --name Azure-VNet-1-To-HQ-Network \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --query '{Name:name,ConnectionStatus:connectionStatus}' \
  --output table
# Confirm that the Simulated Head Office Azure Virtual Network is Connected
# Report the name and connectionStatus of the HQ-Network -> Azure-VNet-1
# connection. Anything other than a connected status means the tunnel is not
# carrying traffic yet (key mismatch and wrong peer IP are the usual suspects).
az network vpn-connection show \
  --name HQ-Network-To-Azure-VNet-1 \
  --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
  --query '{Name:name,ConnectionStatus:connectionStatus}' \
  --output table