It’s been a while since I’ve set up an Azure VPN for a customer and I had to relearn the process – particularly with ARM. So I thought I’d share some tips on getting this set up without any hassles.
- Be sure to check that the endpoint Azure will connect to is on the supported list.
- Make sure your VPN Gateway is the right type, “PolicyBased” or “RouteBased” (use the device list to be sure which one is right for your config).
- When planning out the Virtual Networks, be sure to use a big enough “address space” to host both the subnet for the Azure VMs and the “Gateway” subnet. For example, you could use an Address Space of 192.168.0.0/16 (you won’t use all those addresses) and create a default subnet of 192.168.1.0/24 and a Gateway subnet of 192.168.2.0/27. The Gateway subnet does NOT overlap with the “default” subnet but is part of the “Address Space”.
- Use Security Groups to lock down the access – of course we want security
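
The address-planning tip above can be checked before anything is deployed. The script below is an added example, not part of the original post: it validates a plan with Python's standard `ipaddress` module. The function name `check_vnet_plan` and the on-premises prefixes are assumptions made for illustration, and the on-premises overlap check goes one step beyond the tip, since a site-to-site tunnel cannot route between ranges that overlap.

```python
import ipaddress

def check_vnet_plan(address_space, subnets, on_prem_prefixes=()):
    """Return a list of findings; an empty list means the plan is consistent."""
    space = ipaddress.ip_network(address_space)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    findings = []

    # Azure expects the gateway subnet to be named exactly "GatewaySubnet".
    if "GatewaySubnet" not in nets:
        findings.append("no GatewaySubnet defined")

    # Every subnet must sit inside the VNet address space.
    for name, net in nets.items():
        if not net.subnet_of(space):
            findings.append(f"{name} {net} is outside address space {space}")

    # No two subnets may overlap each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # Generalization: the on-premises ranges must not overlap the VNet.
    for prefix in on_prem_prefixes:
        remote = ipaddress.ip_network(prefix)
        if remote.overlaps(space):
            findings.append(f"on-premises {remote} overlaps address space {space}")
    return findings

# The plan from the tip above; the on-premises prefix is a constructed value.
PAGE_PLAN = ("192.168.0.0/16",
             {"default": "192.168.1.0/24", "GatewaySubnet": "192.168.2.0/27"},
             ["10.10.0.0/16"])

# Constructed bad plan: gateway carved out of the VM subnet, on-premises LAN inside the VNet range.
BAD_PLAN = ("192.168.0.0/16",
            {"default": "192.168.1.0/24", "GatewaySubnet": "192.168.1.224/27"},
            ["192.168.10.0/24"])

if __name__ == "__main__":
    for label, plan in (("page plan", PAGE_PLAN), ("bad plan", BAD_PLAN)):
        print(label, check_vnet_plan(*plan) or "OK")
```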
Happy building
D
Quick tips with Azure Site-to-Site VPNs