# Creating a VPN Topology

# Create the Virtual Networks

# Create the Virtual Network in Azure

# Azure-side virtual network (10.0.0.0/16) with one workload subnet, "Services",
# carved out of its first /24.
az network vnet create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n Azure-VNet-1 \
    --subnet-name Services \
    --subnet-prefix 10.0.0.0/24 \
    --address-prefix 10.0.0.0/16
# Add the subnet the VPN gateway will live in. Azure requires this subnet to be
# named exactly "GatewaySubnet"; a /27 leaves room for the gateway instances.
az network vnet subnet create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n GatewaySubnet \
    --vnet-name Azure-VNet-1 \
    --address-prefix 10.0.255.0/27
# Local network gateway describing the (simulated) head-office site from
# Azure-VNet-1's point of view: its address space is 172.16.0.0/16. The
# gateway IP given here is only a placeholder; it is replaced by the real
# public IP of VNG-HQ-Network in the "local-gateway update" step further down.
az network local-gateway create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n LNG-HQ-Network \
    --local-address-prefixes 172.16.0.0/16 \
    --gateway-ip-address 94.0.252.160

# Create a Simulated Head Office Virtual Network in Azure

# Virtual network standing in for the head office (172.16.0.0/16), with one
# workload subnet, "Applications", in its first /24.
az network vnet create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n HQ-Network \
    --subnet-name Applications \
    --subnet-prefix 172.16.0.0/24 \
    --address-prefix 172.16.0.0/16
# Gateway subnet for the simulated head office; same naming requirement as on
# the Azure side ("GatewaySubnet"), sized /27.
az network vnet subnet create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n GatewaySubnet \
    --vnet-name HQ-Network \
    --address-prefix 172.16.255.0/27
# Local network gateway describing Azure-VNet-1 (10.0.0.0/16) from the head
# office's point of view. As with LNG-HQ-Network, the gateway IP is a
# placeholder that the later "local-gateway update" step overwrites with the
# public IP actually assigned to VNG-Azure-VNet-1.
az network local-gateway create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n LNG-Azure-VNet-1 \
    --local-address-prefixes 10.0.0.0/16 \
    --gateway-ip-address 94.0.252.160

# View the Network Topology

# Tabular listing of every virtual network visible to the current subscription
# (no resource-group filter); both Azure-VNet-1 and HQ-Network should appear.
az network vnet list -o table

# View the local network gateways

# Show the two local network gateways (LNG-HQ-Network, LNG-Azure-VNet-1) in
# the resource group, still carrying their placeholder gateway IPs at this point.
az network local-gateway list \
    -o table \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647

# Create the Virtual Network Gateways

# Create a public IP for the Azure Virtual Network

# Public IP that VNG-Azure-VNet-1 will be bound to. With Dynamic allocation the
# address is assigned only once the gateway is provisioned, which is why it is
# read back with "public-ip show" later rather than known now.
az network public-ip create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --allocation-method Dynamic \
    -n PIP-VNG-Azure-VNet-1

# Create a virtual network gateway in the Azure Virtual Network

# Route-based VPN gateway (VpnGw1 SKU) inside Azure-VNet-1, bound to the public
# IP created above. --no-wait returns immediately; provisioning is polled with
# the watch step below instead of blocking here.
az network vnet-gateway create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n VNG-Azure-VNet-1 \
    --vnet Azure-VNet-1 \
    --public-ip-address PIP-VNG-Azure-VNet-1 \
    --sku VpnGw1 \
    --gateway-type Vpn \
    --vpn-type RouteBased \
    --no-wait

`--no-wait`: Tells `az` not to wait for the command to complete, because provisioning a virtual network gateway can take up to 45 minutes.

# Create a public IP for the Simulated Head Office Azure Virtual Network

# Public IP for the head-office gateway (VNG-HQ-Network). Dynamic allocation,
# as on the Azure side: the address becomes known only after the gateway is
# provisioned and is fetched later with "public-ip show".
az network public-ip create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --allocation-method Dynamic \
    -n PIP-VNG-HQ-Network

# Create a virtual network gateway in the Simulated Head Office Azure Virtual Network

# Route-based VPN gateway (VpnGw1 SKU) for the simulated head office, bound to
# PIP-VNG-HQ-Network. Started with --no-wait like its Azure-side twin; both
# gateways are then watched together until they report Succeeded.
az network vnet-gateway create \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n VNG-HQ-Network \
    --vnet HQ-Network \
    --public-ip-address PIP-VNG-HQ-Network \
    --sku VpnGw1 \
    --gateway-type Vpn \
    --vpn-type RouteBased \
    --no-wait

`--no-wait`: Tells `az` not to wait for the command to complete, because provisioning a virtual network gateway can take up to 45 minutes.

# Run the Linux `watch' command to wait for provision to succeed

Wait for the provisioning status to become 'Succeeded'.

# Re-run the gateway listing every 5 seconds, highlighting what changed since
# the previous run, until provisioningState shows Succeeded for both gateways.
# Stop with Ctrl-C.
watch -n 5 -d az network vnet-gateway list \
    -o table \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647

`-d`: Tells `watch` to highlight the differences between successive runs.

`-n 5`: Tells `watch` to rerun the command every 5 seconds.

# Double-check that the provisioning status for the virtual network gateways is 'Succeeded'.

# Filter the listing down to gateways whose provisioningState is Succeeded.
# VNG-Azure-VNet-1 and VNG-HQ-Network must both be present before the public
# IPs are read back; a gateway that is still provisioning has no address yet.
az network vnet-gateway list \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -o table \
    --query "[?provisioningState=='Succeeded']"

# Retrieve the public IP assigned to the Azure Virtual Network's gateway, and update the local network gateway that represents it (LNG-Azure-VNet-1) with that IP

# Capture the address now allocated to PIP-VNG-Azure-VNet-1 as plain text
# (tsv, no quotes or brackets) so it can be passed straight to the next command.
# The value is empty if the gateway has not finished provisioning yet.
PIPVNGAZUREVNET1=$(az network public-ip show \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n PIP-VNG-Azure-VNet-1 \
    -o tsv \
    --query "[ipAddress]")
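# Replace the placeholder gateway IP on LNG-Azure-VNet-1 with the address the
# Azure-side VPN gateway actually received.
# Guard first: if PIPVNGAZUREVNET1 is empty (typically because "public-ip show"
# ran before the gateway finished provisioning and the dynamic address was not
# yet assigned), stop here instead of sending a bogus update. The value is
# quoted so an empty or unexpected result cannot be word-split into extra
# arguments.
: "${PIPVNGAZUREVNET1:?public IP of VNG-Azure-VNet-1 not captured; wait for provisioning and rerun the public-ip show step}"
az network local-gateway update \
    --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --name LNG-Azure-VNet-1 \
    --gateway-ip-address "$PIPVNGAZUREVNET1"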

# Do the same thing for the Simulated Head Office Azure Virtual Network

# Same read-back for the head-office side: the address allocated to
# PIP-VNG-HQ-Network as bare text. Empty until VNG-HQ-Network is provisioned.
PIPVNGHQNETWORK=$(az network public-ip show \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n PIP-VNG-HQ-Network \
    -o tsv \
    --query "[ipAddress]")
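# Replace the placeholder gateway IP on LNG-HQ-Network with the address the
# head-office VPN gateway actually received.
# Guard first: an empty PIPVNGHQNETWORK (gateway not yet provisioned when the
# address was read) would otherwise be sent as an invalid update; the value is
# also quoted so it is always passed as exactly one argument.
: "${PIPVNGHQNETWORK:?public IP of VNG-HQ-Network not captured; wait for provisioning and rerun the public-ip show step}"
az network local-gateway update \
    --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --name LNG-HQ-Network \
    --gateway-ip-address "$PIPVNGHQNETWORK"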

# Connect the Networks Together

# Create a shared key to use for both connections.

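# Read the IPsec pre-shared key from the terminal instead of typing it into a
# variable assignment on the command line: an assignment like SHAREDKEY=value
# is recorded verbatim in shell history (and the original "<shared key>"
# placeholder is not valid shell at all). -s suppresses echo, -r keeps
# backslashes literal. Both vpn-connection create steps use this one value.
# Note: those steps still pass the key as a command-line argument, where it is
# briefly visible to other processes on the same machine via the process list.
read -r -s -p 'Enter the shared key for the VPN connections: ' SHAREDKEY
printf '\n'
: "${SHAREDKEY:?shared key must not be empty}"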

# Create the connection from the Azure Virtual Network to the Simulated Head Office Virtual Network.

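# Site-to-site connection from VNG-Azure-VNet-1 to the head office as described
# by LNG-HQ-Network. The same pre-shared key must be used on the reverse
# connection created next, or the tunnel will never come up.
# SHAREDKEY is checked to be non-empty and quoted so the key is always passed as
# one argument, even if it contains spaces or glob characters.
: "${SHAREDKEY:?shared key not set; run the shared-key step first}"
az network vpn-connection create \
    --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --name Azure-VNet-1-To-HQ-Network \
    --vnet-gateway1 VNG-Azure-VNet-1 \
    --shared-key "$SHAREDKEY" \
    --local-gateway2 LNG-HQ-Network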

# Create the connection from the Simulated Head Office Azure Virtual Network to the Azure Virtual Network.

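# Reverse direction: connection from VNG-HQ-Network to Azure-VNet-1 as described
# by LNG-Azure-VNet-1, using the same pre-shared key as the forward connection.
# SHAREDKEY is checked to be non-empty and quoted so it is passed as exactly one
# argument regardless of its contents.
: "${SHAREDKEY:?shared key not set; run the shared-key step first}"
az network vpn-connection create \
    --resource-group learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    --name HQ-Network-To-Azure-VNet-1 \
    --vnet-gateway1 VNG-HQ-Network \
    --shared-key "$SHAREDKEY" \
    --local-gateway2 LNG-Azure-VNet-1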

# Verify the Network Connections

# Confirm that the Azure Virtual Network is Connected

# Print just the name and connectionStatus of the Azure-to-HQ connection as a
# table; the status is expected to reach Connected once both sides are up.
az network vpn-connection show \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n Azure-VNet-1-To-HQ-Network \
    --query '{Name:name,ConnectionStatus:connectionStatus}' \
    -o table

# Confirm that the Simulated Head Office Azure Virtual Network is Connected

# Same check for the HQ-to-Azure connection: name and connectionStatus only,
# rendered as a table.
az network vpn-connection show \
    -g learn-8b1af32b-d9be-46d7-aafb-194817c99647 \
    -n HQ-Network-To-Azure-VNet-1 \
    --query '{Name:name,ConnectionStatus:connectionStatus}' \
    -o table