In this post, I am going to demonstrate how to configure virtual network gateways in Azure using Resource Manager. This is important for connecting two Azure regions together, enabling you to set up high-availability and/or disaster recovery systems.
1. Resource Groups
Begin by creating or selecting a resource group in each of the regions that you want to connect. Below are the steps for creating a resource group in the Azure US West 2 region.
Click on the hamburger button on the upper left of the Azure Resource Manager portal to expand the names of the left tool bar, if needed. Then select Resource groups.
Select Add. Then name your group and choose the region and subscription for it to use. Click create.
Repeat these steps for your other region(s).
2. Virtual Networks
Each region will have a virtual network, and the gateways will connect these networks.
Click the New button from the left side bar of your Azure portal. In the search box at the top, search for Virtual Network and select the Virtual Network object.
Verify that the deployment model says Resource Manager and click Create.
Populate all of the settings in the create wizard. It is important to make your address space large enough to contain additional which we will create later. Put one virtual network into each of your resource groups.
3. Create Virtual Network Gateways
In order to create the virtual network gateways, I have to create gateway subnets in each of the virtual networks.
Select the virtual network, navigate to the address space, and add a new address space for your gateway.
Click save and then navigate to the subnets page and click the add gateway subnet button.
Populate the address range with a range that fits into your newest address space and click OK.
When complete you will have both your regular and gateway subnets available.
Click the new button in the top left again and search for virtual network gateway. Select the object and click create.
Refer to Microsoft documentation for the difference between gateway types, VPN types, and SKUs. All of them will work but with different costs and benefits. For this demonstration, I am sticking with a basic VPN.
Select the region specific virtual network that you created previously.
Create or select a public IP address to use.
Verify your region selection and click create.
As the portal warns, creating the gateway can take 45 minutes. While you are waiting, repeat these steps to create a virtual network gateway on the other region.
4. Connect Virtual Network Gateways
Once both of the gateways finish provisioning, they need to be connected in two directions. Open your first virtual network gateway, navigate to the connections page, and click add.
Name the connection, select your other gateway as the secondary, and supply a shared key.
Repeat these steps, connecting the gateways in the other direction, and then verify that their statuses display as connected and succeeded.
At this point the regions are connected and virtual machines can be created with either of the virtual networks. They will be able to speak to each other through the virtual network gateways and high-availability / disaster recovery systems can be configured.
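The following is an added example, not part of the original post: a pre-flight check for the address plan from steps 2 and 3, plus a generator for the shared key used in step 4. The VNet names and address ranges are constructed, and the check assumes Azure's requirement that connected virtual networks use non-overlapping address ranges.

```python
import ipaddress
import secrets
import string

def check_plan(vnets):
    """Return a list of problems in an address plan; empty means consistent."""
    problems, spaces = [], {}
    for name, cfg in vnets.items():
        spaces[name] = [ipaddress.ip_network(s) for s in cfg["address_spaces"]]
        gw = ipaddress.ip_network(cfg["gateway_subnet"])
        # The gateway subnet must sit inside one of the VNet's address spaces.
        if not any(gw.subnet_of(s) for s in spaces[name]):
            problems.append(f"{name}: gateway subnet {gw} is outside the address space")
        # It must not collide with a regular subnet in the same VNet.
        for sub in map(ipaddress.ip_network, cfg["subnets"]):
            if gw.overlaps(sub):
                problems.append(f"{name}: gateway subnet {gw} overlaps subnet {sub}")
    # Connected VNets cannot share address ranges, or routing is ambiguous.
    names = list(spaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for sa in spaces[a]:
                for sb in spaces[b]:
                    if sa.overlaps(sb):
                        problems.append(f"{a} {sa} overlaps {b} {sb}")
    return problems

def new_shared_key(length=48):
    """Random alphanumeric key from the OS CSPRNG; use it for both directions."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample plans (hypothetical names and ranges, not from the post).
GOOD_PLAN = {
    "vnet-west": {"address_spaces": ["10.10.0.0/16", "10.11.0.0/24"],
                  "subnets": ["10.10.0.0/24"], "gateway_subnet": "10.11.0.0/27"},
    "vnet-east": {"address_spaces": ["10.20.0.0/16", "10.21.0.0/24"],
                  "subnets": ["10.20.0.0/24"], "gateway_subnet": "10.21.0.0/27"},
}
# The east VNet reuses the west range and places the gateway inside a subnet.
BAD_PLAN = {**GOOD_PLAN,
            "vnet-east": {"address_spaces": ["10.10.0.0/16"],
                          "subnets": ["10.10.0.0/24"], "gateway_subnet": "10.10.0.0/27"}}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
    print("shared key:", new_shared_key())
```

Both connections must be given the same key, so generate it once and paste it into each direction.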