Site-to-Azure VPN using Windows Server 2012 RRAS




















We need to add a route to our Virtual Network in Azure. Add any additional networks you need to reach. In this example I chose to add only the server subnet that we created earlier, but I could have added the entire range of the Virtual Network in Azure. Once your interface has been created, right-click it and select Properties. The final step is to right-click our Site to Site interface and select Connect.

The connection should say Connected after a few seconds. To verify connectivity between our Azure Virtual Network and the on-premises network, we will deploy a virtual machine in the server subnet that was created earlier. The virtual machine will not have any public IP addresses, so we will only be able to reach it through our VPN connection. You can add a public address later if you need it. Go through the rest of the wizard and deploy the Virtual Machine. With our Site to Site VPN connection connected, try to ping the virtual machine from the on-premises server; it should respond.

We can also verify connectivity by trying to establish an SSH connection to our virtual machine running in Azure. This works because the Network Security Group (NSG) that was deployed along with the virtual machine allows all inbound and outbound traffic to and from the Virtual Network by default. Microsoft provides setup scripts to configure the supported devices, so if you have such a device, you can pretty safely assume that you meet those requirements.

Since we're not using a supported device, we will need to pay a little more attention to the details. Windows Server can be configured to meet all of these requirements! Yes, the Internet, and not behind a public-facing firewall. You cannot NAT the address. As in the example above, the RRAS server does not need to be the Default Gateway for your entire corpnet to find its way to the Internet, but you will need to configure a route on the existing default gateway so that all traffic destined for your Azure subnet(s) is sent to the internal interface of the RRAS server, which will in turn send that traffic over the site-to-site VPN tunnel.

In the example above, the computers on the Corpnet are configured to Leave the Gateway address blank. This causes the server to send all traffic that is not destined for the subnet directly assigned to the Inside interface over the Outside adapter. If you happen to have multiple subnets at the Corpnet that you want to make available to your Azure VMs, then you will need to configure the RRAS server with Static Routes so that it can use the Internal Gateway to find the other networks.

For example, if you also have a You do that by using the "route" command. NOTE: Our resource group is empty at this point.

STEP 3: We will be creating a virtual network gateway. Your settings should look like this: After the virtual network gateway is created, go and get the public IP addresses.

I used Server R2. Follow this to install it: On your on-premises server launch Server Manager. Give the Interface a name.

We want to add the route of our Azure-VMs subnet. Also click on the Options tab and set the connection type to persistent. Up in Azure you should also see the connection status as Connected. When you click on the connection, you should see data flowing in and out of your connection.

Marc Kean


