About Me

I am an MCSE in Data Management and Analytics, specializing in MS SQL Server, and an MCP in Azure. With over 19 years of experience in the IT industry, I bring expertise in data management, Azure Cloud, Data Center Migration, Infrastructure Architecture planning, as well as Virtualization and automation. I have a deep passion for driving innovation through infrastructure automation, particularly using Terraform for efficient provisioning. If you're looking for guidance on automating your infrastructure or have questions about Azure, SQL Server, or cloud migration, feel free to reach out. I often write to capture my own experiences and insights for future reference, but I hope that sharing these experiences through my blog will help others on their journey as well. Thank you for reading!

Connect on Premise Network to Azure - Site to Site VPN Configuration using PowerShell

Login-AzureRmAccount


#create our base variables for our Resource Group
$rgName="RakAzureDC"
$locName="West Europe"
$saName="rakserverssa" #must be lower case
$vnetName="RakoNetAzure"

New-AzureRmResourceGroup -Name $rgName -Location $locName

#Get-AzureRmStorageAccountNameAvailability -Name $saName   #optional: check the name is still free before creating the account

$saType="Standard_GRS"

New-AzureRmStorageAccount -Name $saName -ResourceGroupName $rgName -Type $saType -Location $locName

#Create Networking Components
#It's important to create one subnet named specifically GatewaySubnet. If you name it something else, our connection configuration will fail.
$Subnet=New-AzureRmVirtualNetworkSubnetConfig -Name Azure-Vnet-01 -AddressPrefix 10.10.10.0/27
$GatewaySubnet = New-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.10.10.32/29
New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $locName -AddressPrefix 10.10.10.0/24 -Subnet $Subnet,$GatewaySubnet -DnsServer 10.10.10.4,192.168.1.10

Get-AzureRmVirtualNetwork  -name $vnetName -ResourceGroupName $rgName | select subnets

$subnetIndex=0
$vnet=Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName

$nicName= "Internal"
$staticIP="10.10.10.4"

#add a public IP address via $pip so we can connect to it if we need to
#(this exposes the domain controller directly to the internet: restrict access with a network security group, or remove the public IP once the VPN is up)
$pip = New-AzureRmPublicIpAddress -Name $nicName -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic
$nic = New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName -Location $locName -SubnetId $vnet.Subnets[$subnetIndex].Id -PublicIpAddressId $pip.Id -PrivateIpAddress $staticIP

# don't know what VM sizes we have, so let's take a look
Get-AzureRmVMSize -Location $locName | Select Name

#name and size our Domain Controller
$vmName="AZURE-DC01"
$vmSize="Standard_A2"
$vm=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize


$pubName="MicrosoftWindowsServer"
$offerName="WindowsServer"
$skuName="2012-R2-Datacenter"


$cred=Get-Credential -Message "Type the name and password of the local administrator account."
$vm=Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate
$vm=Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
$vm=Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id
$diskName="OSDisk"
$storageAcc=Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $saName
$osDiskUri=$storageAcc.PrimaryEndpoints.Blob.ToString() + "vhds/" + $diskName + ".vhd"
$vm=Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $osDiskUri -CreateOption fromImage
New-AzureRmVM -ResourceGroupName $rgName -Location $locName -VM $vm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#####################
#Provision Network




#add our local network site
#-Name is a nickname for our on-premises network
#-GatewayIpAddress is the public IP address of your on-premises VPN device
#-AddressPrefix is your on-premises address space

New-AzureRmLocalNetworkGateway -Name RakNetOnPremises -ResourceGroupName $rgName -Location $locName -GatewayIpAddress '122.167.33.81' -AddressPrefix '192.168.1.0/24'
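Two things silently break a site-to-site setup like the one above: an on-premises address prefix that overlaps the VNet address space, and a gateway subnet whose name is not exactly GatewaySubnet. Azure accepts the local network gateway either way and you only find out when the gateway build or the routing fails. The following pre-flight check is an added example of mine, not part of the author's script; it reuses the resource group, VNet name and on-premises prefix from the script above and runs in the same AzureRm session. The CIDR helper functions are my own and assume IPv4 prefixes.

```powershell
# Added pre-flight check (not part of the original script): verify that the
# on-premises prefix does not overlap the VNet address space and that the
# reserved 'GatewaySubnet' exists before the VPN gateway is created.

function ConvertTo-IpNumber {
    # Dotted IPv4 string -> 32-bit number, first octet most significant.
    param([Parameter(Mandatory)][string]$IpAddress)
    $bytes = [System.Net.IPAddress]::Parse($IpAddress).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "'$IpAddress' is not an IPv4 address" }
    [long]$n = 0
    foreach ($b in $bytes) { $n = ($n -shl 8) -bor [long]$b }
    return $n
}

function Get-CidrRange {
    # First and last address of a CIDR block, as numbers.
    param([Parameter(Mandatory)][string]$Cidr)
    $net, $len = $Cidr -split '/', 2
    if (-not $len -or [int]$len -lt 0 -or [int]$len -gt 32) { throw "'$Cidr' is not a valid IPv4 CIDR" }
    # 0xFFFFFFFF is a [long] literal, so shifting by 32 (for /0) wraps to 0 after the mask.
    [long]$mask  = (0xFFFFFFFF -shl (32 - [int]$len)) -band 0xFFFFFFFF
    [long]$start = (ConvertTo-IpNumber $net) -band $mask
    [long]$end   = $start -bor ((-bnot $mask) -band 0xFFFFFFFF)
    return [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $end }
}

function Test-CidrOverlap {
    # True when the two blocks share at least one address.
    param([Parameter(Mandatory)][string]$CidrA, [Parameter(Mandatory)][string]$CidrB)
    $a = Get-CidrRange $CidrA
    $b = Get-CidrRange $CidrB
    return ($a.Start -le $b.End) -and ($b.Start -le $a.End)
}

# Values taken from the script above
$rgName             = 'RakAzureDC'
$vnetName           = 'RakoNetAzure'
$onPremAddressSpace = '192.168.1.0/24'   # the -AddressPrefix given to New-AzureRmLocalNetworkGateway

$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName

# 1. The on-premises range must not overlap any VNet prefix
foreach ($prefix in $vnet.AddressSpace.AddressPrefixes) {
    if (Test-CidrOverlap $prefix $onPremAddressSpace) {
        throw "On-premises prefix $onPremAddressSpace overlaps VNet prefix $prefix; pick a different range before creating the gateway."
    }
}

# 2. The gateway subnet must carry the reserved name
if (-not ($vnet.Subnets | Where-Object { $_.Name -eq 'GatewaySubnet' })) {
    throw "VNet $vnetName has no subnet named 'GatewaySubnet'; New-AzureRmVirtualNetworkGateway will fail."
}

"Pre-flight OK: $onPremAddressSpace does not overlap $($vnet.AddressSpace.AddressPrefixes -join ', ') and GatewaySubnet exists."
```

With the values on this page (10.10.10.0/24 in Azure, 192.168.1.0/24 on premises) the check passes; it would throw if, for example, the office LAN were also 10.10.10.0/24, which is the kind of mistake that otherwise surfaces only as "tunnel up, nothing reachable".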


#request a public IP address for the gateway

$gwpip= New-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic

#create the gateway IP addressing configuration

$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id

#create the gateway - this may take a while

New-AzureRmVirtualNetworkGateway -Name vnetgw1  -ResourceGroupName $rgName -Location $locName -IpConfigurations $gwipconfig -GatewayType Vpn -VpnType RouteBased

#https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-create-site-to-site-rm-powershell/#7-configure-your-vpn-device

#Get the public IP address for the next step of building our connection script for RRAS either via powershell or via the Portal

Get-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rgName


#BUILD our RRAS Configuration

$gateway1 = Get-AzureRmVirtualNetworkGateway -Name vnetgw1 -ResourceGroupName $rgName

$local = Get-AzureRmLocalNetworkGateway -Name RakNetOnPremises -ResourceGroupName $rgName

#-SharedKey must match the key configured on the RRAS side; use a long random value rather than a short demo key like 'abc123'
New-AzureRmVirtualNetworkGatewayConnection -Name RakoToAzureVPN -ResourceGroupName $rgName -Location $locName -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local -ConnectionType IPsec -RoutingWeight 10 -SharedKey 'abc123'
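The connection above is created with the demo key 'abc123', and the pre-shared key is the only thing authenticating the two ends of this tunnel. As an added example (mine, not the author's), here is how to generate a strong random key and swap it onto the existing Azure connection with Set-AzureRmVirtualNetworkGatewayConnectionSharedKey, then read it back with Get-AzureRmVirtualNetworkGatewayConnectionSharedKey. Resource group and connection names are the ones used in the script above; the key-generation function is my own.

```powershell
# Added example, not part of the original script: generate a strong random
# pre-shared key and put it on the Azure side of the connection. The same
# value must then be configured on the RRAS server.
$rgName         = 'RakAzureDC'        # from the script above
$connectionName = 'RakoToAzureVPN'    # from the script above

function New-VpnSharedKey {
    # Key drawn from a 64-symbol alphabet using the .NET CSPRNG. 256 is a
    # multiple of 64, so mapping each random byte with modulo is unbiased.
    # Letters, digits, '-' and '_' only: plain printable ASCII that VPN
    # devices accept without quoting trouble.
    param([int]$Length = 40)
    $alphabet = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

$sharedKey = New-VpnSharedKey -Length 40

# Replace the key on the existing connection (the tunnel stays down until RRAS has the new key too)
Set-AzureRmVirtualNetworkGatewayConnectionSharedKey -Name $connectionName -ResourceGroupName $rgName -Value $sharedKey

# Read back what Azure now holds and make sure it is what we generated
$active = Get-AzureRmVirtualNetworkGatewayConnectionSharedKey -Name $connectionName -ResourceGroupName $rgName
if ($active -ne $sharedKey) { throw "Shared key on the Azure side does not match the generated value" }

# Hand the key to the RRAS side out of band; do not bake it into a script or write it to a log
$sharedKey
```

A 40-character key from a 64-symbol alphabet carries 240 bits of entropy, far beyond what IKEv2 PSK brute forcing can reach; the point is to keep it out of scripts and transcripts, which is why the example only returns it to the console rather than saving it anywhere.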

Now you need to configure the RRAS server.
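The post stops at "configure RRAS" without showing that side. The block below is an added example of mine, not the author's script, for the on-premises Windows Server acting as the VPN device, using the RemoteAccess PowerShell module that ships with the Remote Access role. It assumes a route-based (IKEv2) Azure gateway as created above, takes the Azure gateway public IP from the Get-AzureRmPublicIpAddress step (placeholder in the code), and prompts for the pre-shared key so it never sits in the script.

```powershell
# Added example (not the author's script): configure Windows Server RRAS as
# the on-premises end of the IKEv2 site-to-site tunnel. Run on the RRAS host.
$azureGatewayIp  = '<azure-gwpip-public-ip>'   # placeholder: the address returned by Get-AzureRmPublicIpAddress -Name gwpip
$azureVnetPrefix = '10.10.10.0/24'             # VNet address space from the script above
$sharedKey = Read-Host -Prompt 'Pre-shared key configured on the Azure connection'   # never hard-code it

# 1. Install the role and set RRAS up for site-to-site VPN only
Install-WindowsFeature -Name RemoteAccess -IncludeManagementTools
Install-RemoteAccess -VpnType VpnS2S

# 2. Define the S2S interface towards Azure: IKEv2, PSK authentication on both
#    sides, and the route to the VNet attached to the interface (":100" is the metric)
Add-VpnS2SInterface -Name $azureGatewayIp -Destination $azureGatewayIp `
    -Protocol IKEv2 -AuthenticationMethod PSKOnly -ResponderAuthenticationMethod PSKOnly `
    -SharedSecret $sharedKey -NumberOfTries 3 -IPv4Subnet @("${azureVnetPrefix}:100")

# 3. Strongest IPsec proposals RRAS offers, and no config-payload request
#    (the Azure gateway does not hand out addresses to the peer)
Set-VpnServerIPsecConfiguration -EncryptionType MaximumEncryption
Set-VpnS2SInterface -Name $azureGatewayIp -InitiateConfigPayload $false -Force

# 4. Enable the interface and dial
Set-VpnS2SInterface -Name $azureGatewayIp -AdminStatus $true
Connect-VpnS2SInterface -Name $azureGatewayIp

# 5. Tunnel state as seen from this side
Get-VpnS2SInterface -Name $azureGatewayIp | Select-Object Name, Destination, ConnectionState
```

If ConnectionState stays disconnected, the usual causes are a shared key that differs from the Azure side, or UDP 500/4500 (IKE and NAT-T) not being allowed through to the RRAS host from the Azure gateway IP; the on-premises firewall or NAT in front of 122.167.33.81 has to let that traffic in.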

After the RRAS server is configured, try to connect.
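Checking the result from the Azure side is quicker than guessing from ping. The following is an added example of mine, not from the original post: it polls the connection created above until Azure reports it as Connected (or gives up after a timeout) and then prints the traffic counters. Names are the ones used in the script; the polling function is my own.

```powershell
# Added check (not in the original post): wait for the Azure side to report
# the tunnel as Connected, then show the byte counters in both directions.
$rgName         = 'RakAzureDC'        # from the script above
$connectionName = 'RakoToAzureVPN'    # from the script above

function Wait-AzureVpnConnected {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [int]$TimeoutSeconds = 300,
        [int]$PollSeconds = 15
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $conn = Get-AzureRmVirtualNetworkGatewayConnection -Name $Name -ResourceGroupName $ResourceGroupName
        # ConnectionStatus is one of Unknown, Connecting, Connected, NotConnected
        if ($conn.ConnectionStatus -eq 'Connected') { return $conn }
        Write-Host ("{0}: status is {1}, waiting..." -f (Get-Date -Format 'HH:mm:ss'), $conn.ConnectionStatus)
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    throw "Connection '$Name' did not reach Connected within $TimeoutSeconds seconds (last status: $($conn.ConnectionStatus))."
}

$conn = Wait-AzureVpnConnected -Name $connectionName -ResourceGroupName $rgName
$conn | Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```

A status of Connected with both counters at zero means the tunnel is up but nothing is using it yet; generate some traffic from the Azure DC to an on-premises host (for example to the 192.168.1.10 DNS server configured on the VNet) and re-run the last line to see the counters move.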