VNet-to-VNet connectivity is another option to connect two virtual networks. When peering was not available in Azure, VNet-to-VNet connection was the only option to connect two virtual networks either in same region or in two different regions. Connecting a virtual network to another virtual network (VNet-to-VNet) is like connecting a VNet to an on-premises site location. Both connectivity types use an Azure VPN gateway to provide a secure tunnel using IPsec/IKE.
The VNets you connect can be:
- In the same or different regions
- In the same or different subscriptions
- In the same or different deployment models
Let me explain you, how to set it up step by step. Login to the Azure Portal and go to the virtual network.
As you are going to setup a VNet-to-VNet connectivity between two virtual networks, therefore a Gateway subnet and a Network gateway is required in both virtual networks.
Select subnet under settings in virtual network, select “+ Gateway subnet” to create a gateway subnet for this virtual network.
Select an address range that will be used by this network gateway. By default, it selects next available address range.
In my case, I am using last subnet of my address space for gateway subnet.
Once added, you can review all used subnets in subnet panel.
Once, you have setup the subnet gateway in your virtual network then move on and create virtual network gateway to attach with gateway subnet.
Define the name of the virtual network gateway. Select the gateway type to “VPN” as we are establishing VNet-to-VNet connection. Select VPN type either Route-based or Policy-based according to your requirements. Select the VPN SKU based on your need.
Gateway SKUs by tunnel, connection, and throughput:
|VpnGw1||Max. 30||Max. 128||650 Mbps|
|VpnGw2||Max. 30||Max. 128||1 Gbps|
|VpnGw3||Max. 30||Max. 128||1.25 Gbps|
|Basic||Max. 10||Max. 128||100 Mbps|
Select the resource group, location and subscription etc.
Select your virtual network for which you are setting up this virtual network gateway.
Create new public IP address for your virtual network gateway.
Create public IP address using either Basic SKU or Standard SKU.
Once you are done with all the details, click on “Create” to deploy virtual network gateway.
Follow the same steps for another virtual network as well.
Once completed above steps in both the virtual networks now this is a time to establish a connection between both virtual network gateways which belongs to their respective virtual networks so that both the virtual networks can talk to each other. To do this, go to the “+ Create a resource” and search for “connection”.
Select the “Connection”.
Click on “Create” to establish a connection between virtual networks.
In basic settings select the type of the connection to VNet-to-VNet. Select the appropriate subscription, resource group and location.
Once configured all the basic settings, select “OK”.
Select both the virtual network gateways that needs to be connected, select the checkbox “Establish bidirectional connectivity” if you want to establish two-way connection. Define first and second connection names and then shared key to establish a secure connection.
Select first virtual network gateway.
Select second virtual network gateway.
Define both first and second connection name and enter the shared key, select OK.
Review the details in summary page and select OK to create a connection between virtual network gateways.
Once completed successfully, resources can talk to each other across virtual networks.