minasebo.blogg.se

Azure point to site vpn route based
Which cloud provider do you use? Many companies today choose multiple providers due to the strengths they are after to meet either security requirements or ease of integration. When it comes to basic networking, all cloud providers come with their own unique ways of addressing availability, whether it's through availability zones with AWS, or geo-redundancy options for Azure. So, when deploying to both of these cloud providers, linking the two together via a VPN is very easy to achieve and there are many tutorials on how to get set up in under 30 minutes.

This article aims to provide a quick way to connect point-to-site VPNs to Azure, then configure a site-to-site VPN to AWS and have all VNets and VPCs communicating successfully with BGP as the protocol used to advertise all network routes.

Due to the VPN configuration requirements of both platforms, we will be jumping back and forth between AWS and Azure to get each stage done, as one step will feed into the next.

To start with the reference infrastructure, ensure all VPCs and subnets are created in AWS, VNets and subnets are set up in Azure, and start with the AWS Transit Gateway creation.

Figure 3: Azure VNet setup

Azure Virtual Network Gateway (VNG)

Now that the basic networking is in place, we need to configure the Azure Virtual Network Gateway. As we are going to be using BGP, we need at least the VpnGw1 SKU. Also, the VPN type must be route-based to allow for the BGP protocol.

When deploying the Azure VNG, make sure to enable the option to Configure BGP, set the Azure-side BGP ASN to 65413 (or another that you may want to use, but it must be unique from the AWS ASN) and set the Custom Azure APIPA BGP IP address in the range allowed. The custom IP address must be within the Azure APIPA ranges, which are 169.254.21.* and 169.254.22.*. For this, we will set it to 169.254.21.2; the AWS end will be configured with 169.254.21.0/30 and will consume the first available IP in this range. The AWS 'inside IP' has support for many more ranges.

Make a note of the public IP address assigned to the VNG for use later; in our case it is 51.140.250.225.

Figure 4: Azure VNG BGP configuration

AWS Transit Gateway (TGW)

Next, we create the AWS Transit Gateway, ensuring we set the Amazon side ASN to the BGP ASN we need, in this case 65412, which is also the default. If you want to set it to a different one, now is the time, as a change to the ASN will require the Transit Gateway to be re-deployed.

Figure 5: AWS Transit Gateway configuration

AWS Customer Gateway (CGW)

As we have the Azure VNG public IP, we can configure the AWS Customer Gateway (CGW). The routing option should be set to dynamic, the BGP ASN is that of the remote end, in this case 65413, and the IP address is the one assigned to the Azure VNG.

Figure 6: AWS Customer Gateway configuration

AWS Site-to-Site VPN

Next, we configure the AWS VPN endpoint, utilising the CGW and Transit Gateway. In the AWS VPC console, under Site-to-Site VPN Connections, create a new connection specifying the Transit Gateway as the target type, select the already deployed TGW, use the existing AWS CGW and set the routing option to Dynamic. The Tunnel Options are key for the BGP configuration: the Inside IPv4 CIDR for Tunnel 1 should be set to 169.254.21.0/30 to match the Azure APIPA address on the VNG. Set a secure shared secret and, if required, edit the tunnel options for phase 1 and 2 encryption, integrity algorithms and Diffie-Hellman group numbers. The tunnel phase 1 and 2 configuration options can be changed later for a more secure setup.

Once the VPN configuration is started, the tunnel 1 outside IP address will be assigned and ready for the Azure Local Network Gateway (LNG) to be configured. The outside IP address here is 52.30.50.45.

In the Azure console, add a Local Network Gateway to your subscription, ticking the box for Configure BGP settings. The LNG specifies the details of the AWS end of the tunnel, therefore the ASN to use is the AWS one, 65412, and the BGP peer IP is the AWS end of the tunnel, 169.254.21.1.

Figure 9: Azure Local Network Gateway configuration

Azure VPN Connection

Finally, the Site-to-Site connection can be set up: under the Azure VNG object, select Connections and add a new one, specifying the connection type of IPsec, select the configured LNG, enter the pre-shared key used on the AWS end and tick the Enable BGP option.
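As an added pre-flight check (example code written for this page, not from the original article), the script below validates the BGP addressing and ASN choices the Azure VNG, AWS tunnel and LNG steps depend on: the Azure APIPA address must fall in 169.254.21.0/24 or 169.254.22.0/24, the AWS tunnel inside CIDR is a /30 whose first usable host AWS takes (that host is the LNG peer IP), and the two ASNs must differ. The 64512-65534 private-ASN check is an assumption added here, not a constraint the article states.

```python
import ipaddress

# Azure's APIPA ranges for a custom BGP address on the VNG
# (the article's "169.254.21.* and 169.254.22.*").
AZURE_APIPA_RANGES = (
    ipaddress.ip_network("169.254.21.0/24"),
    ipaddress.ip_network("169.254.22.0/24"),
)
# Assumption added here: both sides use 16-bit private ASNs (64512-65534).
PRIVATE_ASN_RANGE = range(64512, 65535)


def aws_peer_ip(aws_inside_cidr):
    """BGP peer IP to enter on the Azure LNG: AWS takes the first usable host of the tunnel /30."""
    return str(next(ipaddress.ip_network(aws_inside_cidr).hosts()))


def check_bgp_tunnel(azure_apipa_ip, aws_inside_cidr, azure_asn, aws_asn):
    """Return a list of problems; an empty list means the four values agree."""
    problems = []
    azure_ip = ipaddress.ip_address(azure_apipa_ip)
    # strict=True raises ValueError if host bits are set, e.g. "169.254.21.2/30".
    cidr = ipaddress.ip_network(aws_inside_cidr, strict=True)

    if not any(azure_ip in rng for rng in AZURE_APIPA_RANGES):
        problems.append(f"Azure APIPA address {azure_ip} is not in 169.254.21.0/24 or 169.254.22.0/24")
    if cidr.prefixlen != 30:
        problems.append(f"AWS tunnel inside CIDR {cidr} must be a /30")
    elif azure_ip not in cidr:
        problems.append(f"Azure address {azure_ip} is not inside the AWS tunnel CIDR {cidr}")
    else:
        aws_end, azure_end = list(cidr.hosts())  # AWS consumes the first usable host
        if azure_ip != azure_end:
            problems.append(
                f"AWS consumes {aws_end}; the Azure APIPA address should be {azure_end}, not {azure_ip}")
    if azure_asn == aws_asn:
        problems.append(f"Azure and AWS ASNs must differ (both are {azure_asn})")
    for side, asn in (("Azure", azure_asn), ("AWS", aws_asn)):
        if asn not in PRIVATE_ASN_RANGE:
            problems.append(f"{side} ASN {asn} is outside the private range 64512-65534")
    return problems


if __name__ == "__main__":
    # The article's values: Azure 169.254.21.2 / ASN 65413, AWS 169.254.21.0/30 / ASN 65412.
    print("LNG BGP peer IP:", aws_peer_ip("169.254.21.0/30"))
    for line in check_bgp_tunnel("169.254.21.2", "169.254.21.0/30", 65413, 65412) or ["OK"]:
        print(line)
```

Run it before clicking through the consoles; a non-empty result means a BGP session that will never establish even though the IPsec tunnel comes up.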