A while ago, I started playing with Azure and always wanted to extend my humble lab to the Cloud, just so I could expand and contract when needed. I could do it with a Microsoft RRAS, but decided to go for a real VPN router. I still intend to post about RRAS. Stay tuned.
Here’s my quick scenario:
Local Network: 192.168.2.0/24
Remote Azure Network: 192.168.0.0/25
The interesting part of this post is that Microsoft will give you a configuration script for some well-known platforms, like RRAS, Cisco IOS and Juniper, but not for anything else. So, it is up to you to figure out the VPN parameters. Didn’t take long for me, but it is always an interesting task!
Let’s start with the Azure configuration.
Once you are logged in to the portal…wait, you don’t have an Azure subscription? Ok, go here and get your free trial subscription and get yourself a cloud to play with!
So, you have your account and are logged on to the portal, right? Now, go to the Network menu:
I have a Local Network created already, that looks like this:
13* is the address of my Cisco VPN host. I know that since I’m using a dynamic IP, I will need to reconfigure the local network once it changes.
And the next screen looks like this:
Let’s create our network. Hit Create Virtual Network and complete the fields:
If you know one of your remote servers will be a DNS, add it here. Otherwise, let Azure provide you with one.
Now, select the Site-to-Site VPN and pick the Local Network you created before:
You will need to work out the proper Address Space for your network. I have tried to keep it to a Class C (256 IPs), but you have to create a subnet in order to accommodate the Gateway subnet:
Success! Here’s our virtual network. And we are…almost there. Note the screen below:
It is right there: THE GATEWAY WAS NOT CREATED. So, what should I do…not sure…well, let’s try creating the gateway!
Note again the bar below…yeah, down there, you almost missed it…and you will also notice that it mutates. Try to remember it exists and your life will be much easier. Here:
Hit it. I have picked static, since I don’t have any routing protocols running. NOTE: a gateway in a virtual network means a mini-VM is running to provide that, and therefore, there is cost!
Once the gateway is created (that can take a while), let’s try to connect to our Cisco host. First, get the script from the Dashboard screen:
That’s what I need:
Wait! Didn’t I say that I didn’t have a high-end Cisco router? True. I don’t, but the Cisco file will help us figure out some VPN parameters in the RV042G.
This will save a local file: VpnDeviceScript.cfg. In our case, it is a Cisco configuration file:
Should look something like this:
Let’s try now that the GW is ready:
Here’s the RV042G configuration, as it ended up being:
Most of the settings below can be figured out from the Cisco config file:
Now, save it and try to connect:
If you did it right, you should see something like this:
On the Azure side, it should look like this:
If you ping from a local machine to 192.168.0.0, you will get something back:
To test it fully, I have deployed a machine to the new virtual network:
The machine has the IP 192.168.0.4 and you should be able to RDP to it:
From here, everything is awesome! I mean, everything is normal! It is your first machine on a remote lab!
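An added example, not part of the original post: a small check of the address plan before building the tunnel, using the two networks from the scenario above. The subnet names and sizes (`Subnet-1` as a /26, `Gateway` as a /29) are assumptions, since the post does not state them; the reserved-address count reflects Azure keeping the first four addresses of each subnet, which is why the first VM lands on 192.168.0.4.

```python
import ipaddress

# Values taken from the post
LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")    # on-premises LAN behind the RV042G
AZURE_SPACE = ipaddress.ip_network("192.168.0.0/25")  # Azure virtual network address space

# Assumed split of the Azure address space (names and sizes are not from the post)
ASSUMED_SUBNETS = {
    "Subnet-1": ipaddress.ip_network("192.168.0.0/26"),
    "Gateway": ipaddress.ip_network("192.168.0.64/29"),
}

# Azure keeps the network address and the next three addresses of every subnet
AZURE_RESERVED_LOW = 4


def check_plan(local, space, subnets):
    """Return a list of problems with the address plan; an empty list means OK."""
    problems = []
    # Overlapping local and remote ranges make the tunnel routes ambiguous
    if local.overlaps(space):
        problems.append(f"{local} overlaps Azure space {space}")
    names = list(subnets)
    for i, name in enumerate(names):
        net = subnets[name]
        # Every subnet, including the gateway subnet, must sit inside the space
        if not net.subnet_of(space):
            problems.append(f"{name} {net} is outside {space}")
        # Subnets must not overlap each other
        for other in names[i + 1:]:
            if net.overlaps(subnets[other]):
                problems.append(f"{name} {net} overlaps {other} {subnets[other]}")
    return problems


def first_vm_address(subnet):
    """First address Azure can hand to a VM in the given subnet."""
    return subnet.network_address + AZURE_RESERVED_LOW


if __name__ == "__main__":
    for line in check_plan(LOCAL_NET, AZURE_SPACE, ASSUMED_SUBNETS) or ["plan OK"]:
        print(line)
    print("first VM address:", first_vm_address(ASSUMED_SUBNETS["Subnet-1"]))
```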