About Me

I am an MCSE in Data Management and Analytics with specialization in MS SQL Server and an MCP in Azure. I have over 13+ years of experience in the IT industry with expertise in data management, Azure Cloud, Data-Center Migration, Infrastructure Architecture planning, Virtualization and automation. Contact me if you are looking for any sort of guidance in getting your Infrastructure provisioning automated through Terraform. I sometimes write on my own blog as a place to store my experiences for future search and reading, but it can hopefully help others along the way. Thanks.

Connect On-Premises Network to Azure - Site-to-Site VPN Configuration using PowerShell

Login-AzureRmAccount


#create our base variables for our Resource Group
$rgName="RakAzureDC"
$locName="West Europe"
$saName="rakserverssa" #must be lower case
$vnetName="RakoNetAzure"

New-AzureRmResourceGroup -Name $rgName -Location $locName

 #Test-AzureName -Storage $saName

$saType="Standard_GRS"

New-AzureRmStorageAccount -Name $saName -ResourceGroupName $rgName -Type $saType -Location $locName

#Create Networking Components
#It's important to create one subnet named specifically GatewaySubnet. If you name it something else, our connection configuration will fail.
$Subnet=New-AzureRmVirtualNetworkSubnetConfig -Name Azure-Vnet-01 -AddressPrefix 10.10.10.0/27
$GatewaySubnet = New-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.10.10.32/29
New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $locName -AddressPrefix 10.10.10.0/24 -Subnet $Subnet,$GatewaySubnet -DnsServer 10.10.10.4,192.168.1.10

Get-AzureRmVirtualNetwork  -name $vnetName -ResourceGroupName $rgName | select subnets

$subnetIndex=0
$vnet=Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName

$nicName= "Internal"
$staticIP="10.10.10.4"

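#add a public IP address via $pip so we can connect to it if we need to
#this makes the domain controller reachable from the Internet: restrict inbound access with a network security group, or remove the public IP once the VPN is up and the VM can be reached on $staticIP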
$pip = New-AzureRmPublicIpAddress -Name $nicName -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic
$nic = New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName -Location $locName -SubnetId $vnet.Subnets[$subnetIndex].Id -PublicIpAddressId $pip.Id -PrivateIpAddress $staticIP





#we don't know what VM sizes are available, so let's take a look
Get-AzureRmVMSize -Location $locName | Select Name

#name and size our Domain Controller
$vmName="AZURE-DC01"
$vmSize="Standard_A2"
$vm=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize


$pubName="MicrosoftWindowsServer"
$offerName="WindowsServer"
$skuName="2012-R2-Datacenter"


$cred=Get-Credential -Message "Type the name and password of the local administrator account."
$vm=Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate
$vm=Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
$vm=Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id
$diskName="OSDisk"
$storageAcc=Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $saName
$osDiskUri=$storageAcc.PrimaryEndpoints.Blob.ToString() + "vhds/" + $diskName + ".vhd"
$vm=Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $osDiskUri -CreateOption fromImage
New-AzureRmVM -ResourceGroupName $rgName -Location $locName -VM $vm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#####################
#Provision Network




#add our local network site
#Name is a nickname for our on-premises network
#GatewayIpAddress is the IP address of your on-premises VPN device
#AddressPrefix is your on-premises address space


New-AzureRmLocalNetworkGateway -Name RakNetOnPremises -ResourceGroupName $rgName -Location $locName -GatewayIpAddress '122.167.33.81' -AddressPrefix '192.168.1.0/24'


#request a public IP address for the gateway

$gwpip= New-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic

#create the gateway IP addressing configuration

$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id

#create the gateway - may wait a while

New-AzureRmVirtualNetworkGateway -Name vnetgw1  -ResourceGroupName $rgName -Location $locName -IpConfigurations $gwipconfig -GatewayType Vpn -VpnType RouteBased

#https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-create-site-to-site-rm-powershell/#7-configure-your-vpn-device

#Get the gateway's public IP address for the next step: building our connection script for RRAS, either via PowerShell or via the Portal

Get-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rgName


#BUILD our RRAS Configuration

$gateway1 = Get-AzureRmVirtualNetworkGateway -Name vnetgw1 -ResourceGroupName $rgName

$local = Get-AzureRmLocalNetworkGateway -Name RakNetOnPremises -ResourceGroupName $rgName

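#'abc123' is only a placeholder: use a long, randomly generated shared key and configure the same value on the on-premises VPN device (RRAS)
New-AzureRmVirtualNetworkGatewayConnection -Name RakoToAzureVPN -ResourceGroupName $rgName -Location $locName -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local -ConnectionType IPsec -RoutingWeight 10 -SharedKey 'abc123'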

Now you need to configure the RRAS server.

After configuring the RRAS server, try to connect.
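
The address ranges and shared key used in the script above can be checked before anything is provisioned. The following PowerShell is an added example, not part of the original script: it confirms that the Azure and on-premises prefixes do not overlap, that both subnets fit inside the VNet, and generates a random shared key to use in place of 'abc123'. The helper names New-VpnSharedKey, Get-CidrRange and Test-CidrOverlap are hypothetical and defined here.

```powershell
# Added example: pre-flight checks for the values used in the script above (hypothetical helpers).

function New-VpnSharedKey {
    # Random bytes from the OS CSPRNG, hex-encoded (32 bytes -> 64 characters).
    param([int]$ByteCount = 32)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

function Get-CidrRange {
    # First and last IPv4 address of a CIDR block, as 64-bit integers.
    param([string]$Cidr)
    $address, $prefixLength = $Cidr -split '/'
    [long]$start = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($address).GetAddressBytes()) {
        $start = $start * 256 + $octet
    }
    [long]$size = [math]::Pow(2, 32 - [int]$prefixLength)
    $start = $start - ($start % $size)   # align to the network address
    return [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
}

function Test-CidrOverlap {
    param([string]$A, [string]$B)
    $ra = Get-CidrRange $A
    $rb = Get-CidrRange $B
    return ($ra.Start -le $rb.End) -and ($rb.Start -le $ra.End)
}

$azureVnet  = '10.10.10.0/24'                     # VNet address space
$subnets    = '10.10.10.0/27', '10.10.10.32/29'   # Azure-Vnet-01, GatewaySubnet
$onPremises = '192.168.1.0/24'                    # local network gateway prefix

if (Test-CidrOverlap $azureVnet $onPremises) {
    throw "On-premises prefix $onPremises overlaps the VNet $azureVnet"
}
$vnetRange = Get-CidrRange $azureVnet
foreach ($subnet in $subnets) {
    $r = Get-CidrRange $subnet
    if ($r.Start -lt $vnetRange.Start -or $r.End -gt $vnetRange.End) {
        throw "Subnet $subnet is outside the VNet $azureVnet"
    }
}
if (Test-CidrOverlap $subnets[0] $subnets[1]) { throw "Azure subnets overlap" }
$sharedKey = New-VpnSharedKey   # pass as -SharedKey $sharedKey; do not log it
"Prefixes OK; generated a $($sharedKey.Length)-character shared key"
```

Pass the generated value to -SharedKey on New-AzureRmVirtualNetworkGatewayConnection and enter the same key in the RRAS configuration.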