Exercise - Prepare Azure and on-premises virtual networks by using Azure CLI commands
Your company is now ready to deploy a site-to-site VPN that allows your on-premises servers to connect to resources in Azure. You can then start to securely share data from each of your sites, and you can use resources hosted in Azure across your organization.
Start by creating your Azure-side resources and on-premises network resources. For this deployment, you use the following network topology.
In this exercise, we simulate an on-premises datacenter (HQ-Network) by using an additional Azure virtual network. There are many makes and models of on-premises VPN devices, and it isn't possible to describe their configuration in this unit. The logical steps are the same for any VPN device, though: you just need to replace the HQ-Network steps with steps tailored to your on-premises device.
In the previous diagram, notice that the local network gateway names in each location reflect the target networks rather than the source network. This naming convention is a good practice. It clarifies that the local network gateway refers to the other network that you're connecting to.
In this unit, you configure the virtual networks with a subnet, add a gateway subnet, and then create the local network gateway by using the Azure CLI.
Note
This exercise is optional. If you want to complete this exercise, you'll need to create an Azure subscription before you begin. If you don't have an Azure account or you don't want to create one at this time, you can read through the instructions so you understand the information that's being presented.
Note
You need to use a resource group to complete the steps in this exercise. You can use a resource group that you already created, or you can create a new resource group specifically for this exercise. Creating a new resource group makes it easier to clean up the resources you create as you complete the exercise. If you don't have an existing resource group or you want to create a new one specifically for this exercise, you can follow the steps in Use the Azure portal and Azure Resource Manager to manage resource groups to create a resource group by using the Azure portal, or you can follow the steps in Manage Azure resource groups by using Azure CLI to create a resource group by using the Azure CLI.
Note
Throughout this exercise, replace myResourceGroupName in the examples with the name of an existing resource group, or the name of the resource group that you created for this exercise.
Create the Azure-side resources
Run the following command in Azure Cloud Shell to create the Azure-VNet-1 virtual network and the Services subnet:

```azurecli
az network vnet create \
    --resource-group "myResourceGroupName" \
    --name Azure-VNet-1 \
    --address-prefixes 10.0.0.0/16 \
    --subnet-name Services \
    --subnet-prefixes 10.0.0.0/24
```

Run the following command in Cloud Shell to add the GatewaySubnet subnet to Azure-VNet-1. The subnet must be named exactly GatewaySubnet; the VPN gateway you create later is deployed into it:

```azurecli
az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name Azure-VNet-1 \
    --name GatewaySubnet \
    --address-prefixes 10.0.255.0/27
```

Run the following command in Cloud Shell to create the LNG-HQ-Network local network gateway:

```azurecli
az network local-gateway create \
    --resource-group "myResourceGroupName" \
    --name LNG-HQ-Network \
    --gateway-ip-address 94.0.252.160 \
    --local-address-prefixes 172.16.0.0/16
```

This gateway represents the on-premises network (HQ-Network) that you're connecting to, so its address prefix is the HQ-Network address space, 172.16.0.0/16. The gateway IP address is a placeholder: the public IP address of the simulated on-premises VPN gateway doesn't exist yet in this scenario, so you update this value after you create that gateway.
Create the simulated on-premises network and supporting resources
Run the following command in Cloud Shell to create the HQ-Network virtual network and the Applications subnet:

```azurecli
az network vnet create \
    --resource-group "myResourceGroupName" \
    --name HQ-Network \
    --address-prefixes 172.16.0.0/16 \
    --subnet-name Applications \
    --subnet-prefixes 172.16.0.0/24
```

Run the following command in Cloud Shell to add GatewaySubnet to HQ-Network:

```azurecli
az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name HQ-Network \
    --name GatewaySubnet \
    --address-prefixes 172.16.255.0/27
```

Run the following command in Cloud Shell to create the LNG-Azure-VNet-1 local network gateway:

```azurecli
az network local-gateway create \
    --resource-group "myResourceGroupName" \
    --name LNG-Azure-VNet-1 \
    --gateway-ip-address 94.0.252.160 \
    --local-address-prefixes 10.0.0.0/16
```

This gateway describes the Azure network (Azure-VNet-1) that you're connecting to, so its address prefix is the Azure-VNet-1 address space, 10.0.0.0/16. A local network gateway always lists the other side's address space, never its own gateway subnet; if it lists the wrong side, traffic for the remote network is never sent into the tunnel. The gateway IP address is again a placeholder; you update it with the public IP address of the Azure VPN gateway later.
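Before running the commands on both sides, it is worth checking the address plan as a whole, because the three mistakes that most often break a site-to-site tunnel are all visible in the plan alone: overlapping VNet address spaces, a gateway subnet that is too small or outside its VNet, and a local network gateway whose prefix describes the wrong side. The script below is an added example, not part of the Microsoft Learn exercise. It works entirely offline on the prefixes used in this unit; the /27 minimum it enforces is Microsoft's recommended gateway subnet size, and the `deployed_lng_prefixes` helper assumes an authenticated Azure CLI session and is not run by default.

```shell
#!/usr/bin/env bash
# Pre-flight check for the two-site topology in this exercise (added example,
# not part of the Microsoft Learn exercise). It validates the address plan
# offline before any az command is run:
#   * the two VNet address spaces must not overlap (a site-to-site tunnel
#     cannot route between overlapping spaces);
#   * each GatewaySubnet must lie inside its VNet and be /27 or larger, the
#     size Microsoft recommends for a gateway subnet;
#   * each local network gateway (LNG) prefix must cover the *remote* VNet and
#     must not overlap the local VNet, or the LNG describes the wrong side.
set -eu

# Dotted IPv4 address -> unsigned 32-bit integer.
ip2int() {
  local n=0 octet
  local IFS=.
  for octet in $1; do n=$(( (n << 8) | octet )); done
  echo "$n"
}

# "a.b.c.d/len" -> "first_address last_address" as integers.
cidr_range() {
  local ip="${1%/*}" bits="${1#*/}" base mask
  base=$(ip2int "$ip")
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  fi
  echo "$(( base & mask )) $(( (base & mask) | (~mask & 0xFFFFFFFF) ))"
}

# Succeeds when the two prefixes share at least one address.
cidr_overlaps() {
  set -- $(cidr_range "$1") $(cidr_range "$2")   # $1-$2 first range, $3-$4 second
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Succeeds when prefix $1 lies entirely inside prefix $2.
cidr_within() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]
}

# One side of the tunnel: its VNet space, its GatewaySubnet, the LNG it
# creates to describe the other side, and the other side's VNet space.
check_side() {
  local name="$1" vnet="$2" gwsubnet="$3" lng_prefix="$4" remote_vnet="$5"
  cidr_within "$gwsubnet" "$vnet" ||
    { echo "$name: GatewaySubnet $gwsubnet is not inside $vnet"; return 1; }
  [ "${gwsubnet#*/}" -le 27 ] ||
    { echo "$name: GatewaySubnet $gwsubnet is smaller than the recommended /27"; return 1; }
  cidr_within "$remote_vnet" "$lng_prefix" ||
    { echo "$name: LNG prefix $lng_prefix does not cover remote VNet $remote_vnet"; return 1; }
  ! cidr_overlaps "$lng_prefix" "$vnet" ||
    { echo "$name: LNG prefix $lng_prefix overlaps the local VNet $vnet"; return 1; }
}

# Whole plan, Azure side then HQ side. Prints the first problem found.
# Args: az_vnet az_gwsubnet lng_hq_prefix hq_vnet hq_gwsubnet lng_azure_prefix
check_topology() {
  local az_vnet="$1" az_gw="$2" lng_hq="$3" hq_vnet="$4" hq_gw="$5" lng_az="$6"
  if cidr_overlaps "$az_vnet" "$hq_vnet"; then
    echo "VNet address spaces $az_vnet and $hq_vnet overlap"; return 1
  fi
  check_side Azure-VNet-1 "$az_vnet" "$az_gw" "$lng_hq" "$hq_vnet" &&
  check_side HQ-Network "$hq_vnet" "$hq_gw" "$lng_az" "$az_vnet"
}

# After deployment: read back what Azure recorded for an LNG so you can diff it
# against the plan. Assumes an authenticated az CLI; not called by default.
deployed_lng_prefixes() {
  az network local-gateway show --resource-group "$1" --name "$2" \
    --query "localNetworkAddressSpace.addressPrefixes" --output tsv
}

# The plan used in this unit passes.
check_topology 10.0.0.0/16 10.0.255.0/27 172.16.0.0/16 \
               172.16.0.0/16 172.16.255.0/27 10.0.0.0/16 && echo "topology OK"
# A common slip, pointing LNG-Azure-VNet-1 at HQ's own gateway subnet, is rejected.
check_topology 10.0.0.0/16 10.0.255.0/27 172.16.0.0/16 \
               172.16.0.0/16 172.16.255.0/27 172.16.255.0/27 || echo "plan rejected as expected"
```

Run it with the prefixes you intend to use before the `az network vnet create` and `az network local-gateway create` steps; once both sides exist, `deployed_lng_prefixes myResourceGroupName LNG-HQ-Network` should print 172.16.0.0/16 and the Azure-side LNG should print 10.0.0.0/16.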
Verify the topology
Run the following command in Cloud Shell to verify that the virtual networks have been successfully created. Confirm that both Azure-VNet-1 (10.0.0.0/16) and HQ-Network (172.16.0.0/16) appear:

```azurecli
az network vnet list --output tsv
```

Run the following command in Cloud Shell to verify that the local network gateways have been successfully created. Check that each gateway's address prefix matches the other side's virtual network: LNG-HQ-Network should list 172.16.0.0/16 and LNG-Azure-VNet-1 should list 10.0.0.0/16.

```azurecli
az network local-gateway list \
    --resource-group "myResourceGroupName" \
    --output table
```
The following diagram shows the resources that you've deployed.