
Thursday, May 14, 2015

Configure Site to Site VPN to Microsoft Azure Using RRAS

In our previous post, we talked about building RRAS to connect two subnets and perform network address translation. If you're interested, feel free to check it out here.

Next, we are going to embark on a journey to Hybrid Cloud by connecting to Microsoft Azure using RRAS.

[ Scenario]

This continues from the setup in the previous post. We are changing it to include demand-dial routing.

[ Before – on Azure]

Create a Virtual Network and a dynamic VPN gateway. Take note of the gateway IP address and the pre-shared key.

[ Configuration on RRAS]

1. Modify the RRAS configuration to include demand-dial. Set the IPv4 router to LAN and demand-dial routing.

2. Add a demand-dial interface and modify it accordingly.

3. Set the connection type to VPN.

4. Set the VPN connection to use IKEv2.

5. Enter the Azure VPN gateway IP that you created in the previous step.

6. Tick "Route IP packets on this interface" and enter the destination route details (the Azure virtual network information).

7. On the credentials page, leave the fields empty. We are going to set the pre-shared key later.

8. Modify the demand-dial interface. Go to the Security tab and set it to use the pre-shared key.

[ Verification]

  • Try to establish the connection from RRAS
  • Connect on the Azure Portal

Yeah! Both sides report connected.

To make sure that both sides can reach each other, perform a ping test and a tracert.
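The same configuration and verification can be scripted with the RemoteAccess PowerShell module. This is an added example, not part of the original post; it assumes Windows Server 2012 R2 or later and an elevated session, and the IP addresses, subnet and interface name are constructed placeholders. The pre-shared key is prompted for instead of being written into the script.

```powershell
# Added example. All values below are constructed placeholders; replace them
# with the gateway IP and address space noted from the Azure portal.
$GatewayIp   = '203.0.113.10'   # Azure VPN gateway public IP (placeholder)
$AzureSubnet = '10.1.0.0/16'    # Azure virtual network address space (placeholder)
$AzureVmIp   = '10.1.0.4'       # a VM inside the Azure virtual network (placeholder)
$IfName      = 'Azure-S2S'      # hypothetical demand-dial interface name

Import-Module RemoteAccess

# Step 1: enable site-to-site (demand-dial) VPN if it is not enabled yet.
if ((Get-RemoteAccess).VpnS2SStatus -ne 'Installed') {
    Install-RemoteAccess -VpnType VpnS2S
}

# Prompt for the pre-shared key so it never sits in the script file or in
# command history. Add-VpnS2SInterface takes a plain string, so convert it
# only for the duration of the call.
$secureKey = Read-Host -Prompt 'Azure gateway pre-shared key' -AsSecureString
$psk = (New-Object System.Net.NetworkCredential('', $secureKey)).Password

try {
    # Steps 2-8: IKEv2 demand-dial interface to the Azure gateway, no user
    # credentials, pre-shared key in both directions, and a static route
    # to the Azure address space with metric 100.
    Add-VpnS2SInterface -Name $IfName -Destination $GatewayIp -Protocol IKEv2 `
        -AuthenticationMethod PSKOnly -ResponderAuthenticationMethod PSKOnly `
        -SharedSecret $psk -IPv4Subnet "${AzureSubnet}:100"
}
finally {
    Remove-Variable -Name psk -ErrorAction SilentlyContinue
}

# Verification: dial the interface, then confirm the tunnel state.
Connect-VpnS2SInterface -Name $IfName
Start-Sleep -Seconds 10
$s2s = Get-VpnS2SInterface -Name $IfName
if ($s2s.ConnectionState -ne 'Connected') {
    throw "Interface $IfName is $($s2s.ConnectionState); check the gateway IP and pre-shared key."
}

# Ping and trace the path to a VM on the Azure side.
Test-NetConnection -ComputerName $AzureVmIp -TraceRoute
```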

[ Test result]

From Azure VM to on-prem DC VM

result from azure

From on-prem DC VM to Azure VM

result from on-prem

Easy, right? That concludes our configuration to establish a site-to-site VPN to Microsoft Azure using RRAS.