Establishing a Secure VPN Connection to On-Premises with Azure, Explained

Azure Virtual Network Gateway, Local Network Gateway, Azure Connection, and Border Gateway Protocol (BGP) are components of Azure networking that enable you to connect your on-premises and cloud resources.

Azure Virtual Network Gateway is a service that enables you to connect your Azure virtual networks (VNets) to other networks, such as on-premises networks or other VNets, using VPN or ExpressRoute. Virtual network gateways provide a secure connection between your networks, and enable you to control access to your resources using network security groups and access control lists.

Local Network Gateway is a resource in Azure that represents your on-premises network. You can use the Local Network Gateway to define the address space, BGP settings, and VPN connections for your on-premises network.

Azure Connection is a connection between an Azure VNet and a Local Network Gateway that enables you to create a VPN connection between your on-premises and cloud resources. Azure Connections support both site-to-site VPN and point-to-site VPN, and enable you to control access to your resources using network security groups and access control lists.

Border Gateway Protocol (BGP) is a routing protocol that enables you to exchange routing information between networks. BGP can be used in combination with VPN or ExpressRoute to establish a connection between your on-premises and cloud resources, and to optimize the performance and reliability of your network connections.

In summary, Azure Virtual Network Gateway, Local Network Gateway, Azure Connection, and BGP are components of Azure networking that enable you to connect your on-premises and cloud resources. You can use these components to create VPN or ExpressRoute connections between your networks, and to control access to your resources using network security groups and access control lists.

Virtual Network Gateway setup

To set up a virtual network gateway in Azure, you will need to complete the following steps:

  1. Create a virtual network: Create a virtual network (VNet) in Azure to host your virtual network gateway. You will need to specify the address space, subnets, and security rules for your VNet.
  2. Create a public IP address: Create a public IP address to use for your virtual network gateway. The public IP address will be used to access the gateway from the Internet or from on-premises networks.
  3. Create a virtual network gateway: Create a virtual network gateway resource in Azure and specify the virtual network and public IP address that you want to use. You will also need to specify the gateway type (VPN or ExpressRoute), and the connection type (site-to-site or point-to-site).
  4. Create a local network gateway: If you are creating a site-to-site VPN connection, you will need to create a local network gateway resource in Azure to represent your on-premises network. You will need to specify the address space and BGP settings for your on-premises network.
  5. Create an Azure connection: If you are creating a site-to-site VPN connection, you will need to create an Azure connection resource in Azure to connect your virtual network gateway to your local network gateway. You will need to specify the virtual network gateway, local network gateway, and connection type (IPSec or SSL/TLS).
  6. Configure your on-premises VPN device: If you are creating a site-to-site VPN connection, you will need to configure your on-premises VPN device to connect to your Azure virtual network gateway. You will need to provide the connection settings and authentication credentials for your Azure connection to your VPN device.

In summary, to set up a virtual network gateway in Azure, you will need to create a virtual network, public IP address, virtual network gateway, local network gateway (for site-to-site VPN), and Azure connection (for site-to-site VPN), and configure your on-premises VPN device (for site-to-site VPN). This will enable you to create a secure connection between your Azure virtual network and your on-premises or other cloud resources.

Local Network Gateway setup

To set up a local network gateway in Azure, you will need to complete the following steps:

  1. Create a resource group: Create a resource group in Azure to host your local network gateway resource. A resource group is a logical container for your Azure resources, and enables you to manage, deploy, and delete your resources as a group.
  2. Create a public IP address: Create a public IP address to use for your local network gateway. The public IP address will be used to access the gateway from the Internet or from on-premises networks.
  3. Create a local network gateway: Create a local network gateway resource in Azure and specify the public IP address that you want to use. You will also need to specify the address space and BGP settings for your on-premises network.
  4. Configure your on-premises VPN device: If you are creating a site-to-site VPN connection, you will need to configure your on-premises VPN device to connect to your Azure local network gateway. You will need to provide the connection settings and authentication credentials for your VPN device to your Azure local network gateway.

In summary, to set up a local network gateway in Azure, you will need to create a resource group, public IP address, and local network gateway resource, and configure your on-premises VPN device (for site-to-site VPN). This will enable you to create a secure connection between your on-premises network and your Azure virtual network.

IPsec Tunnel setup with Virtual and Local Network Gateways

An IPsec tunnel is a secure connection that is established between two devices or networks using the Internet Protocol Security (IPsec) protocol. IPsec tunnels enable you to encrypt and authenticate the traffic between the two devices or networks, and provide a secure connection for transmitting sensitive data.

In Azure, you can use an IPsec tunnel to create a site-to-site VPN connection between your on-premises network and your Azure virtual network. To create an IPsec tunnel, you will need to create an Azure Connection resource in Azure and specify the connection type as “IPSec.”

To create an Azure Connection with an IPsec tunnel, you will need to complete the following steps:

  1. Create a resource group: Create a resource group in Azure to host your Azure Connection resource. A resource group is a logical container for your Azure resources, and enables you to manage, deploy, and delete your resources as a group.
  2. Create a virtual network gateway: Create a virtual network gateway resource in Azure to represent your Azure virtual network. You will need to specify the virtual network and public IP address that you want to use for the gateway.
  3. Create a local network gateway: Create a local network gateway resource in Azure to represent your on-premises network. You will need to specify the address space and BGP settings for your on-premises network.
  4. Create an Azure Connection: Create an Azure Connection resource in Azure and specify the virtual network gateway, local network gateway, and connection type as “IPSec.” You will also need to specify the shared key (pre-shared key) that will be used to authenticate the connection.
  5. Configure your on-premises VPN device: Configure your on-premises VPN device to connect to your Azure virtual network gateway. You will need to provide the connection settings and authentication credentials for your Azure Connection to your VPN device.

In summary, to create an IPsec tunnel in Azure, you will need to create a resource group, virtual network gateway, local network gateway, and Azure Connection resource, and configure your on-premises VPN device. This will enable you to create a secure, encrypted connection between your on-premises network and your Azure virtual network.
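The steps above take an on-premises address space, BGP settings and a pre-shared key as inputs. The following is an added example, not part of the original post: a pre-deployment check over those inputs. The plan keys, the sample values and the length and entropy thresholds are assumptions chosen for illustration.

```python
import ipaddress
import math
from collections import Counter


def overlapping_prefixes(vnet_prefixes, onprem_prefixes):
    """Return (vnet, onprem) prefix pairs whose address ranges overlap."""
    pairs = []
    for v in vnet_prefixes:
        for o in onprem_prefixes:
            a, b = ipaddress.ip_network(v), ipaddress.ip_network(o)
            if a.version == b.version and a.overlaps(b):
                pairs.append((v, o))
    return pairs


def psk_findings(psk, min_len=32, min_bits=128):
    """Flag short or repetitive pre-shared keys (thresholds are assumptions)."""
    if not psk:
        return ["psk: empty"]
    findings = []
    if len(psk) < min_len:
        findings.append(f"psk: shorter than {min_len} characters")
    # Shannon entropy of the key's own character distribution: a rough
    # heuristic that catches repeated or low-variety keys. It cannot
    # prove that a key was randomly generated.
    n = len(psk)
    bits = sum(c * math.log2(n / c) for c in Counter(psk).values())
    if bits < min_bits:
        findings.append(f"psk: about {bits:.0f} bits of entropy, want {min_bits}")
    return findings


def preflight(plan):
    """Collect findings for a planned connection; an empty list means pass."""
    findings = [f"address overlap: VNet {v} and on-premises {o}"
                for v, o in overlapping_prefixes(plan["vnet_prefixes"],
                                                 plan["onprem_prefixes"])]
    findings += psk_findings(plan["shared_key"])
    if plan.get("enable_bgp") and plan["azure_asn"] == plan["onprem_asn"]:
        findings.append("bgp: on-premises ASN equals the Azure gateway ASN")
    return findings


# Constructed sample plan (hypothetical values, not taken from the page).
SAMPLE_PLAN = {"vnet_prefixes": ["10.10.0.0/16"],
               "onprem_prefixes": ["10.10.20.0/24", "192.168.50.0/24"],
               "shared_key": "Azure123", "enable_bgp": True,
               "azure_asn": 65515, "onprem_asn": 65515}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_PLAN):
        print(finding)
```

Generate the real key with a cryptographic random source (for example Python's `secrets.token_urlsafe`) and keep it out of the plan file; the check above only rejects obviously weak values.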
