This post is part 1 of a small series and stems from this post https://marckean.com/2016/05/17/azure-resource-groups-networks/
The following is some PowerShell I put together that ends up setting up a full Virtual Network along with a Local network gateway, Public IP address and Virtual Network Gateway in the same Resource Group. This will set all this up into a separate Azure Resource Group on its own, which I recommend to keep the network part of your Azure environment separate, then you can easily deploy other resources in other Resource Groups, e.g. Virtual Machines which all can be attached to this Virtual Network, even though it’s in another Resource Group. Also to the fact that with RBAC, you can delegate access to the network team or someone with this know how to manage the Azure network resources.
For information and templates to help setup the other side of the VPN tunnel i.e. VPN device scripts, see https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/
Below you will need to change the variables to suit yourself. When running the script, it will take a long time in the section where it creates the Virtual Network Gateway, about 20-40 mins. Also takes this long when deleting the Virtual Network Gateway, so make sure you have this correct before deploying it, otherwise you’ll end up wasting heaps of time.
BTW, I am using the Azure PowerShell module v1.4.0 I got from here: https://github.com/Azure/azure-powershell/releases (a full download instead of the web installer).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Log into Azure ARM | |
| Login–AzureRmAccount | |
| ### Choose subscription 'new' Azure | |
| $subscription = (Get-AzureRmSubscription | Out-GridView –Title "Select the Azure subscription that you want to use …" –PassThru).SubscriptionName | |
| Select-AzureRmSubscription –SubscriptionName $subscription | |
| Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager\AzureRM.Network\AzureRM.Network.psd1" | |
| ########################################################################## | |
| ############################# vNet ############################## | |
| ########################################################################## | |
| $vNetRGName = "Show-vNet" | |
| $location = "australiaeast" | |
| ### Create the Resource Group | |
| cls | |
| Write-Host "`n`tCreating the target resource group $vNetRGName (if it don't exist already)…" –ForegroundColor Cyan | |
| #region | |
| if(!(Get-AzureRmResourceGroup –Name $vNetRGName –Location $location –ErrorAction SilentlyContinue)){ | |
| New-AzureRmResourceGroup –Name $vNetRGName –Location $location –Force} | |
| #Virtual Network | |
| $vNetName = "Demo-vNet" | |
| $vNetPrefix = "10.123.0.0/16" # 10.123.0.1 -> 10.123.255.254 | |
| $DMZSubnetName = "DMZ" | |
| $DMZSubnetPrefix = "10.123.250.0/24" | |
| $IntSubnetName = "Internal" | |
| $IntSubnetPrefix = "10.123.10.0/24" | |
| $GWSubnetName = "GatewaySubnet" | |
| $GWSubnetPrefix = "10.123.2.0/28" | |
| ### Create Virtual Network | |
| $DMZSubnet = New-AzureRmVirtualNetworkSubnetConfig –Name $DMZSubnetName –AddressPrefix $DMZSubnetPrefix | |
| $IntSubnet = New-AzureRmVirtualNetworkSubnetConfig –Name $IntSubnetName –AddressPrefix $IntSubnetPrefix | |
| $GWSubnet = New-AzureRmVirtualNetworkSubnetConfig –Name $GWSubnetName –AddressPrefix $GWSubnetPrefix | |
| $vnet = New-AzureRmVirtualNetwork –Name $vNetName –ResourceGroupName $vNetRGName –Location $location –AddressPrefix $vNetPrefix –Subnet $DMZSubnet,$IntSubnet,$GWSubnet | |
| ########################################################################## | |
| ############################# VPN ############################## | |
| ########################################################################## | |
| ### Create vNet Gateway | |
| ### Create the Resource Group | |
| $LocalSite = "SoftLayer" | |
| $GWIPName = "Demo-GWIP" | |
| $gwipconfig = "Demo-GWIPName" | |
| $vnetgwName = "Demo-vNetGW" | |
| $VPNconnection = "LocalToVPN" | |
| $SharedKey = "4wer64erh0js35u4689" | |
| $GatewayIpAddress = '168.1.113.85' | |
| $AddressPrefix = '192.168.111.0/24' | |
| New-AzureRmLocalNetworkGateway –Name $LocalSite –ResourceGroupName $vNetRGName –Location $location –GatewayIpAddress $GatewayIpAddress –AddressPrefix $AddressPrefix # @('10.0.0.0/24','20.0.0.0/24') | |
| $gwpip = New-AzureRmPublicIpAddress –Name $GWIPName –ResourceGroupName $vNetRGName –Location $location –AllocationMethod Dynamic | |
| $vnet = Get-AzureRmVirtualNetwork –Name $vNetName –ResourceGroupName $vNetRGName | |
| $subnet = Get-AzureRmVirtualNetworkSubnetConfig –Name $GWSubnetName –VirtualNetwork $vnet | |
| $gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig –Name $gwipconfig –SubnetId $subnet.Id –PublicIpAddressId $gwpip.Id | |
| ### Create the vNet Gateway | |
| New-AzureRmVirtualNetworkGateway –Name $vnetgwName –ResourceGroupName $vNetRGName –Location $location –IpConfigurations $gwipconfig –GatewayType Vpn –VpnType RouteBased –GatewaySku Standard | |
| ########################################################################## | |
| ############################# Connection ############################# | |
| ########################################################################## | |
| ### Create the Connection | |
| $gateway = Get-AzureRmVirtualNetworkGateway –Name $vnetgwName –ResourceGroupName $vNetRGName | |
| $local = Get-AzureRmLocalNetworkGateway –Name $LocalSite –ResourceGroupName $vNetRGName | |
| New-AzureRmVirtualNetworkGatewayConnection –Name $VPNconnection –ResourceGroupName $vNetRGName –Location $location –VirtualNetworkGateway1 $gateway –LocalNetworkGateway2 $local –ConnectionType IPsec –RoutingWeight 10 –SharedKey $SharedKey | |
| # https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/ | |
| $local = Get-AzureRmLocalNetworkGateway –Name LocalSite –ResourceGroupName testrg | |
| Set-AzureRmLocalNetworkGateway –LocalNetworkGateway $local –AddressPrefix @('192.168.111.0/24') |
This is what is looks like in Azure:
My other blog post explains how to setup the other end of the tunnel based on Windows Server 2012 R2 (Routing & Remote Access).
Marc Kean 