Forum Discussion
AllenIsntSocial
May 07, 2023, Copper Contributor
azure network setup with vpn, vnet and discrete subnets
Our networking / azure needs are pretty simple. We need a single vnet that doesn't span any regions (just uswest) and we need 4 subnets within that vnet for dev, qa, staging and prod which we can al...
josequintino
May 07, 2023, MCT
Hi @AllenIsntSocial
Based on your requirements, it seems that the setup you currently have is more complicated than necessary. Here's a simplified version of what you need:
1. Create a Virtual Network (VNet) in the US West region.
2. Within that VNet, create 4 subnets for dev, qa, staging, and prod.
3. Create Network Security Groups (NSGs) for each subnet, and configure the rules to allow or deny access as needed.
4. Set up an Azure VPN Gateway with Point-to-Site (P2S) VPN configuration, and ensure that users must be connected to the VPN to access resources within the VNet.
5. Configure Azure Private DNS to resolve the names of your resources to their private IP addresses.
Here's a step-by-step guide to achieving the above:
1. Create a Virtual Network:
- Sign in to the Azure portal.
- Click on "Create a resource" and search for "Virtual Network".
- Click "Create" and fill in the required details (name, region, address space, etc.).
- Choose the US West region for your VNet.
2. Create subnets within the VNet:
- Go to your VNet resource in the Azure portal.
- Click on "Subnets" and then "Add" to create a new subnet.
- Create four subnets for dev, qa, staging, and prod with appropriate address ranges.
3. Create and configure Network Security Groups:
- In the Azure portal, click on "Create a resource" and search for "Network Security Group".
- Create an NSG for each subnet (dev, qa, staging, and prod).
- Configure the NSG rules to allow or deny traffic as needed for each subnet.
- Associate the NSGs with their respective subnets.
4. Set up the Azure VPN Gateway:
- In the Azure portal, click on "Create a resource" and search for "VPN Gateway".
- Choose the appropriate VNet, and configure the gateway with a new public IP address.
- Once the VPN Gateway is deployed, configure Point-to-Site VPN by following the instructions in the Azure documentation: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
5. Configure Azure Private DNS:
- In the Azure portal, click on "Create a resource" and search for "Private DNS".
- Create a new private DNS zone.
- Link the private DNS zone to your VNet.
- Add A records (with private IPs) for your resources (databases, app servers, Cosmos DB, etc.).
After completing these steps, your setup should be much simpler and more in line with your requirements. You will be using standard Azure services without any unnecessary customizations, and all access to the resources will be through the VPN.
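The five steps above, expressed as one Bicep template so the whole layout can be deployed and reviewed as code rather than clicked together. This is an added example, not code from the original post or from Microsoft; the resource names, address ranges, API versions, gateway SKU and the NSG rule set are assumptions chosen for illustration. The part worth noticing is the two Deny rules: a freshly created NSG's default AllowVnetInBound rule (priority 65000) lets every subnet in the VNet reach every other, so four subnets with "default" NSGs do not actually separate dev from prod.

```bicep
// Added example, not from the original thread: the answer's design as one
// Bicep deployment. Names, ranges, API versions and rules are assumptions.
targetScope = 'resourceGroup'

param location string = 'westus'
param vnetName string = 'vnet-app-westus'
param vnetAddressSpace string = '10.10.0.0/16'
param p2sClientPool string = '172.16.0.0/24'   // must not overlap vnetAddressSpace
param p2sRootCertPublicData string            // base64 DER of the P2S root cert
param privateDnsZoneName string = 'corp.internal'

var envs = [
  { name: 'dev', prefix: '10.10.1.0/24' }
  { name: 'qa', prefix: '10.10.2.0/24' }
  { name: 'staging', prefix: '10.10.3.0/24' }
  { name: 'prod', prefix: '10.10.4.0/24' }
]

// One NSG per environment. Allow VPN clients and same-environment traffic,
// then deny everything else from inside the VNet (overriding the default
// AllowVnetInBound rule at 65000) and anything arriving from the Internet.
resource nsgs 'Microsoft.Network/networkSecurityGroups@2023-05-01' = [for env in envs: {
  name: 'nsg-${env.name}'
  location: location
  properties: {
    securityRules: [
      { name: 'AllowP2SClientsInbound', properties: { priority: 100, direction: 'Inbound', access: 'Allow', protocol: '*', sourceAddressPrefix: p2sClientPool, sourcePortRange: '*', destinationAddressPrefix: env.prefix, destinationPortRange: '*' } }
      { name: 'AllowSameEnvInbound', properties: { priority: 110, direction: 'Inbound', access: 'Allow', protocol: '*', sourceAddressPrefix: env.prefix, sourcePortRange: '*', destinationAddressPrefix: env.prefix, destinationPortRange: '*' } }
      { name: 'DenyOtherEnvsInbound', properties: { priority: 4000, direction: 'Inbound', access: 'Deny', protocol: '*', sourceAddressPrefix: 'VirtualNetwork', sourcePortRange: '*', destinationAddressPrefix: '*', destinationPortRange: '*' } }
      { name: 'DenyInternetInbound', properties: { priority: 4010, direction: 'Inbound', access: 'Deny', protocol: '*', sourceAddressPrefix: 'Internet', sourcePortRange: '*', destinationAddressPrefix: '*', destinationPortRange: '*' } }
    ]
  }
}]

// Subnets are declared inline so the VNet and its subnets deploy together.
// GatewaySubnet is required by the VPN gateway and must not carry an NSG.
var envSubnets = [for (env, i) in envs: {
  name: 'snet-${env.name}'
  properties: { addressPrefix: env.prefix, networkSecurityGroup: { id: nsgs[i].id } }
}]

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ vnetAddressSpace ] }
    subnets: concat(envSubnets, [ { name: 'GatewaySubnet', properties: { addressPrefix: '10.10.255.0/27' } } ])
  }
}

resource gwPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'pip-vpngw'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

// Route-based gateway with P2S over OpenVPN and certificate authentication.
// Clients get addresses from p2sClientPool, which the NSG allow rule matches.
resource vpnGw 'Microsoft.Network/virtualNetworkGateways@2023-05-01' = {
  name: 'vpngw-westus'
  location: location
  properties: {
    gatewayType: 'Vpn'
    vpnType: 'RouteBased'
    sku: { name: 'VpnGw1', tier: 'VpnGw1' }
    ipConfigurations: [
      {
        name: 'default'
        properties: {
          publicIPAddress: { id: gwPip.id }
          subnet: { id: '${vnet.id}/subnets/GatewaySubnet' }
        }
      }
    ]
    vpnClientConfiguration: {
      vpnClientAddressPool: { addressPrefixes: [ p2sClientPool ] }
      vpnClientProtocols: [ 'OpenVPN' ]
      vpnAuthenticationTypes: [ 'Certificate' ]
      vpnClientRootCertificates: [
        { name: 'p2s-root', properties: { publicCertData: p2sRootCertPublicData } }
      ]
    }
  }
}

// Private zone linked to the VNet with auto-registration, so VMs in the VNet
// get A records without hand-maintained entries.
resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: privateDnsZoneName
  location: 'global'
}

resource dnsLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: dnsZone
  name: 'link-${vnetName}'
  location: 'global'
  properties: { virtualNetwork: { id: vnet.id }, registrationEnabled: true }
}

output vpnGatewayId string = vpnGw.id
```

Deploy with `az deployment group create --resource-group <rg> --template-file main.bicep --parameters p2sRootCertPublicData=<base64 root cert>`. Two caveats a practitioner will hit with this layout. First, the Deny rules are inbound only: a dev VM initiating a connection to prod is stopped by prod's NSG, but each environment's egress is otherwise unrestricted, so add matching outbound rules if you also want to stop an environment reaching out. Second, Azure Private DNS answers only to queries that originate inside the VNet (via 168.63.129.16); a P2S client sitting on the pool address cannot query it directly, so to make the private zone work for VPN users you need a resolver inside the VNet (an Azure DNS Private Resolver inbound endpoint or a forwarder VM) and must push its address to clients through the gateway's DNS settings or the downloaded VPN client profile. Auto-registration covers VMs only; PaaS resources such as Cosmos DB still need a private endpoint plus its own private-link zone, or manual A records as the answer describes.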