Partager via


VNet to VNet connectivity - Microsoft Azure

Vnet to Vnet Communication

By default  all VM’s within a VNET can communicate with each other, regardless what address space/subnet they belong to

 By default communication between VNETs is blocked, you can establish communication between  two or more virtual networks together and that too securely with IPsec/IKE S2S VPN tunnels

There could be several reasons why you want to enable communication between VNETS. e.g.

                              You want to setup a custom geo-replication or synchronization  without going over internet

                             Company A wants to share specific data/web services  with Company B in a secure way  without going over internet or an inter org communication that are on multiple VNETS.

                             You want to setup SQL AO

In my scenario, I want to access:

A website hosted on a  VM named  “web1vnet2” in VNET “SatishVnet2” from from VM named “dc1vnet1” in VNET “SatishVnet1” or ViceVersa

  1.  Windows Firewall enabled on every VM with required exceptions in place
  2. All endpoints for all VM’s are removed
  3. Web2Vnet2 is listening on port 80 only

I will follow following 6 key sections for this configuration:

1. Plan your IP address ranges    

2. Create your virtual networks

3. Add local networks

4. Create the dynamic routing gateways for each VNet.

5. Connect the VPN gateways

6. Verify connectivity

 

1. Plan your IP address ranges. 2. Create your virtual networks

VNET1

VNET Name Cloud Service Name StorageAccountName Location

satishVnet1         satishVnet1cloudsvc                                         satishvnet1sa                                East US

 

VM config

 

 VNET2

 

VNET Name Cloud Service Name StorageAccountName Location

satishVnet2         satishVnet2cloudsvc                                      satishvnet2sa                                   West US

 

VM Config

 

3. Add local networks

 

Next we need to configure “Add Local Network” for cross
premises connectivity

From your portal click on

               New->Network
Services->Virtual Network->Add Local Network

For VPN Device IP Address, use any  dummy IP address for now, since we have not
created the gateway yet, once gateway is created we will upate the VPN Device
IP Address with the actual gateway IP

See picture below

and Next specify the address space

 

Repeat the steps again  for  VNET “SatishVnet2” 

 

 .

 

 

Next you’ll point each VNet to the other as a local network.

In this case I will point VNET  “SatishVnet1” to “SatishVnet2” and  point VNET “SatishVnet2” to “SatishVnet1”

 In the Management Portal, go to the Configure page for VNET “SatishVnet”. Under site-to-site
connectivity
, select Connect to the local network, then select SatishVnet2-172addressspace as the local network
and add VPN Gatewaysubnet and then click “Save”

 See screen capture below

 

.

 

4. Create the dynamic routing gateways for each VNET

 Go to “Networks”, Select  VNET “SatishVnet1”,  Select “Dashboard”  and create the “Dynamic Routing”

See picture below

 

Go to “Networks”, Select  VNET “SatishVnet2”,  Select “Dashboard”  and create the “Dynamic Routing”

See picture below

 

Wait for 15 to 20 minutes till gateway is created

See picture below (the gateway for SatishVnet1

 

 

 

 

Next we need to update the VPN Device IP address for each “Local Network”  with this new gateway address

.

 

5. Connect the VPN gateways   

Set the IPsec/IKE pre-shared keys to be the same. You can use it with REST API or PowerShell,  in this example I am using azure PowerShell, see pic below

 

6. Verify connectivity is established using PowerShell or from portal

 

On Portal:   Go to Networks-> select VNET “SatishVnet1”->Dashboard

 See picture below

 

Launching website https://dc1vnet2  from VM dc1vnet1

 

DISCLAIMER: This posting is provided "AS IS" with no warranties and confers no rights 

 For more details go to : https://msdn.microsoft.com/en-us/library/azure/dn690122.aspx