Azurecloud~30 mins

VPN Gateway for hybrid connectivity in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

VPN Gateway for hybrid connectivity

📖 Scenario: You work for a company that wants to connect their on-premises network securely to their Azure virtual network. They want to use a VPN Gateway to create a hybrid connection.

🎯 Goal: Build an Azure VPN Gateway configuration that connects an on-premises network to an Azure virtual network using a site-to-site VPN.

📋 What You'll Learn

Create a resource group named HybridNetworkRG

Create a virtual network named HybridVNet with address space 10.1.0.0/16

Create a subnet named GatewaySubnet with address prefix 10.1.255.0/27

Create a public IP address resource named VpnGatewayPublicIP

Create a VPN Gateway named HybridVpnGateway in the resource group

Configure the VPN Gateway with VpnGw1 SKU and RouteBased VPN type

Create a local network gateway named OnPremisesGateway with on-premises address space 192.168.0.0/24 and IP address 203.0.113.1

Create a VPN connection named SiteToSiteConnection between the VPN Gateway and the local network gateway

Use a shared key Azure123! for the VPN connection

💡 Why This Matters

🌍 Real World

Companies use VPN Gateways to securely connect their on-premises networks to Azure virtual networks, enabling hybrid cloud scenarios.

💼 Career

Cloud engineers and network administrators often configure VPN Gateways to establish secure hybrid connectivity between cloud and on-premises environments.

Progress0 / 4 steps

Create the resource group and virtual network

Create a resource group named HybridNetworkRG in eastus location. Then create a virtual network named HybridVNet with address space 10.1.0.0/16 inside the resource group. Also create a subnet named GatewaySubnet with address prefix 10.1.255.0/27 inside the virtual network.

Azure

# Your code here to create resource group, virtual network, and GatewaySubnet

Need a hint?

Use Azure CLI or ARM template syntax to define resource group and virtual network with subnet.

Create the public IP address for the VPN Gateway

Create a public IP address resource named VpnGatewayPublicIP in the resource group HybridNetworkRG. Use Standard SKU and Static allocation method.

Azure

resource_group = {
    "name": "HybridNetworkRG",
    "location": "eastus"
}

virtual_network = {
    "name": "HybridVNet",
    "resource_group": resource_group["name"],
    "address_space": ["10.1.0.0/16"],
    "subnets": [
        {
            "name": "GatewaySubnet",
            "address_prefix": "10.1.255.0/27"
        }
    ]
}

# Your code here to create VpnGatewayPublicIP

Need a hint?

Public IP for VPN Gateway must be static and standard SKU for reliability.

Create the VPN Gateway and local network gateway

Create a VPN Gateway named HybridVpnGateway in resource group HybridNetworkRG using the subnet GatewaySubnet from HybridVNet. Use SKU VpnGw1 and VPN type RouteBased. Then create a local network gateway named OnPremisesGateway with IP address 203.0.113.1 and address space 192.168.0.0/24.

Azure

resource_group = {
    "name": "HybridNetworkRG",
    "location": "eastus"
}

virtual_network = {
    "name": "HybridVNet",
    "resource_group": resource_group["name"],
    "address_space": ["10.1.0.0/16"],
    "subnets": [
        {
            "name": "GatewaySubnet",
            "address_prefix": "10.1.255.0/27"
        }
    ]
}

public_ip = {
    "name": "VpnGatewayPublicIP",
    "resource_group": resource_group["name"],
    "sku": "Standard",
    "allocation_method": "Static"
}

# Your code here to create HybridVpnGateway and OnPremisesGateway

Need a hint?

VPN Gateway must use the GatewaySubnet and public IP. Local network gateway defines on-premises network.

Create the VPN connection with shared key

Create a VPN connection named SiteToSiteConnection between the VPN Gateway HybridVpnGateway and the local network gateway OnPremisesGateway. Use the shared key Azure123! for the connection.

Azure

resource_group = {
    "name": "HybridNetworkRG",
    "location": "eastus"
}

virtual_network = {
    "name": "HybridVNet",
    "resource_group": resource_group["name"],
    "address_space": ["10.1.0.0/16"],
    "subnets": [
        {
            "name": "GatewaySubnet",
            "address_prefix": "10.1.255.0/27"
        }
    ]
}

public_ip = {
    "name": "VpnGatewayPublicIP",
    "resource_group": resource_group["name"],
    "sku": "Standard",
    "allocation_method": "Static"
}

vpn_gateway = {
    "name": "HybridVpnGateway",
    "resource_group": resource_group["name"],
    "location": resource_group["location"],
    "vnet_name": virtual_network["name"],
    "subnet_name": "GatewaySubnet",
    "public_ip_name": public_ip["name"],
    "sku": "VpnGw1",
    "vpn_type": "RouteBased"
}

local_network_gateway = {
    "name": "OnPremisesGateway",
    "resource_group": resource_group["name"],
    "gateway_ip_address": "203.0.113.1",
    "address_space": ["192.168.0.0/24"]
}

# Your code here to create SiteToSiteConnection with shared key Azure123!

Need a hint?

VPN connection links the Azure VPN Gateway and on-premises local network gateway using a shared key.