This reference architecture shows how to extend a network from on premises or from Azure Stack into an Azure virtual network, using a site-to-site virtual private network (VPN). Traffic flows between the on-premises network and Azure through an IPSec VPN tunnel or through the Azure Stack multitenant VPN gateway.

Figure: A diagram of the VPN gateway architecture. An on-premises network connects to an Azure virtual network through a VPN gateway. A virtual network in Azure Stack also connects to the VPN gateway through public VIPs.

This deployment creates two resource groups: the first holds a mock on-premises network, the second a set of hub and spoke networks. The mock on-premises network and the hub network are connected using Azure Virtual Network gateways to form a site-to-site connection. This configuration is very similar to how you would connect your on-premises datacenter to Azure.

This deployment can take up to 45 minutes to complete. The recommended deployment method is using the portal option found below.

Use the following button to deploy the reference using the Azure portal.

Run the following command to deploy two resource groups and the secure network reference architecture using the Azure CLI.

az deployment sub create --location eastus \

Run the following command to deploy two resource groups and the secure network reference architecture using PowerShell. When prompted, enter values for an admin user name and password. These values are used to log into the included virtual machines.

New-AzSubscriptionDeployment -Location eastus `

Once the deployment has been completed, verify site-to-site connectivity by looking at the newly created connection resources. While in the Azure portal, search for 'connections' and note the status of each connection.

The IIS instance found in the spoke network can be accessed from the virtual machine located in the mock on-prem network. Create a connection to the virtual machine using the included Azure Bastion host, open a web browser, and navigate to the address of the application's network load balancer.

For detailed information and additional deployment options, see the ARM Templates used to deploy this solution.

The architecture consists of the following components.

A private local-area network running within an organization.

Azure Stack. A network environment on an Azure Stack tenant subscription, running within an organization. The Azure Stack VPN gateway sends encrypted traffic across a public connection to virtual IP (VIP) addresses and includes the following components:

A special subnet required to deploy the VPN Gateway on Azure Stack.

Indicates the target IP of the VPN gateway in Azure, as well as the address space of the Azure virtual network.

The connection type (IPSec) and the key shared with the Azure VPN Gateway to encrypt traffic.