Step-By-Step: Configuring a site-to-site VPN Gateway between Azure and On-Premise

Using a site-to-site VPN gateway can provide better continuity for your workloads in a hybrid cloud setup with Azure. This post demonstrates how to set up a site-to-site VPN gateway to enable this.


Before you start, make sure you have the following in place.

1) VPN device: A VPN device is needed on-premises to create the VPN connection with Azure. A list of supported devices can be found here.

2) Static Public IP address: The VPN device should have an external public IP address, and it shouldn't be behind NAT.

3) Valid Azure Subscription


Create Virtual Network 


If you already have a virtual network set up in your Azure subscription, you do not need to do this step, but make sure the settings are correct.


1) Log in to the Azure portal.

2) Go to New > Networking > Virtual Network 


3) Then click on Create

4) The next page opens the wizard with the VNet information. Fill in the information there to match your configuration.
Name: Name for the VNet
Address Space: IP range for the VNet. If you have multiple address ranges, they can be added later
Subnet name: Name for the subnet you would like to add
Subnet Address range: Subnet IP range (it must be within the Address Space listed before)
Resource Group: Create a new group or select an existing group
Location: Location of the VNet
After that, click on Create to continue

5) Once the VNet is created, you can modify the address ranges and subnets

Create Gateway Subnet

The next step is to create a gateway subnet for the VNet. It is recommended to use /28 or /27 for the gateway subnet. This needs to be done before connecting the VNet to the gateway.

1) Log in to the Azure Portal

2) Then go to More Services > Virtual Networks


3) Then click on the VNet created in the previous step and click on Subnets. Then click on Gateway subnet
4) In the next window, define the subnet for the gateway and click OK

Create Virtual Network Gateway

The next step is to create the virtual network gateway.

1) Log in to the Azure portal
2) Go to New > Networking > Virtual Network Gateway
3) In the next window, fill in the relevant information and click on Create
Name:  Name for the virtual network gateway
Gateway Type:  For our VPN it will be VPN
VPN Type: Type of the VPN; a regular VPN will be route-based
SKU: SKU for the VPN type
Virtual Network: Select the VNet you have created following previous step
Public IP Address: The VPN needs to have a public IP address. Select a public IP here or, if you don't have one, clicking on the option will allow you to add a new one
Location: Select the correct region to match with VNet region
4) It can take up to 45 minutes to complete the task. Once it is done, you can see the public IP address details. You need this to configure your on-premises VPN device

Create Local Network Gateway

The next step is to create the local network gateway, which represents your local network. To create it,

1) Log in to the Azure portal
2) Go to New > Networking > Local network gateway
3) A new wizard opens; fill in the relevant information. After that, click on Create to proceed
Name: Name for the local gateway
IP Address: Public IP address that represents your VPN device. It should not be behind NAT
Address Space: These are your on-premises address ranges. You can add multiple ranges.
Resource Group: Create a new resource group or use the same one you were using

Create Site-to-Site VPN

The next step is to create the site-to-site VPN connection between your VPN device and the virtual network gateway. To create it,

1) Log in to the Azure portal
2) Go to More Services > Virtual network gateways
3) Then click on the virtual network gateway you created and, under the Settings tab, click on Connections
4) Then click on Add
5) In the wizard, fill in the relevant information and click OK.
Name: Name of the connection
Connection Type: Type of the VPN. Most of the time it's site-to-site
Virtual Network Gateway: Select the relevant virtual network gateway
Local Network Gateway: Select the relevant local network gateway for your connection
Shared Key: This is the pre-shared key you are going to use for the VPN configuration
6) Once it is created, what remains is configuring the VPN on your VPN device
7) Once connected, you can see the status on the same page by clicking on the connection

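
The address rules from the steps above (subnets inside the VNet address space, a /27 or /28 gateway subnet, a VPN device IP that is not behind NAT) can be checked before anything is entered in the portal. The Python check below is an added example, not part of the original post; the plan dictionary layout, the `GatewaySubnet` key, the sample addresses and the on-premises overlap check are assumptions made for illustration.

```python
import ipaddress

# Private (RFC 1918) and carrier-grade NAT (RFC 6598) ranges: an address in
# any of these means the VPN device sits behind NAT.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def validate_plan(plan):
    """Return a list of problems in a site-to-site address plan (empty = OK)."""
    problems = []
    vnet = [ipaddress.ip_network(n) for n in plan["vnet_address_space"]]
    onprem = [ipaddress.ip_network(n) for n in plan["onprem_address_space"]]
    subnets = {k: ipaddress.ip_network(v) for k, v in plan["subnets"].items()}

    # Each subnet range must be within the VNet address space.
    for name, net in subnets.items():
        if not any(net.subnet_of(space) for space in vnet):
            problems.append(f"{name} {net} is outside the VNet address space")

    # The guide recommends /27 or /28 for the gateway subnet.
    gw = subnets.get("GatewaySubnet")
    if gw is None:
        problems.append("no GatewaySubnet defined")
    elif gw.prefixlen not in (27, 28):
        problems.append(f"GatewaySubnet is /{gw.prefixlen}, expected /27 or /28")

    # The local network gateway IP must be the device's own public address.
    device = ipaddress.ip_address(plan["vpn_device_ip"])
    if any(device in r for r in NAT_RANGES):
        problems.append(f"VPN device IP {device} is private or CGNAT (behind NAT)")

    # Assumption added here: overlapping ranges on both sides cannot be routed.
    for o in onprem:
        for v in vnet:
            if o.overlaps(v):
                problems.append(f"on-premises {o} overlaps VNet range {v}")
    return problems

# Constructed sample plans (addresses are illustrative, not from the post).
GOOD_PLAN = {"vnet_address_space": ["10.1.0.0/16"], "onprem_address_space": ["192.168.10.0/24"],
             "subnets": {"workload": "10.1.0.0/24", "GatewaySubnet": "10.1.255.0/27"},
             "vpn_device_ip": "203.0.113.10"}
BAD_PLAN = {"vnet_address_space": ["10.1.0.0/16"], "onprem_address_space": ["10.1.128.0/17"],
            "subnets": {"workload": "10.1.0.0/24", "GatewaySubnet": "10.2.255.0/29"},
            "vpn_device_ip": "192.168.1.1"}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_plan(plan) or "OK")
```
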
Comments (5)
  1. Thanks for the detailed step-by-step guide.

  2. Glenn Wilson says:

    Thanks for this.

  3. krishi says:

    Hey! Thanks for the detailed step-by-step information. It's really helpful.

  4. Farooq Arian says:

    Thanks for detailed steps.

  5. Farooq Arian says:

    In our VNet configuration, do we need to create DNS servers? (both entries on-premise and Azure DNS).
