Forum Discussion
Need For Local Network Gateway when connecting Azure S2S tunnel to AWS
Thanks,
Brian
The LNG in Azure is really just a pointer to the "other side"; this can be another Azure VNG, an AWS VPG or an on-premise gateway. In Azure you then define the connection between the VNG and the LNG. Does it make sense??
- AzureBrian, Apr 22, 2021, Brass Contributor
Hi Kenneth. Thanks again for your response. This still does not explain why an LNG is not needed for other connections. What's special about the connection to AWS that requires the LNG??? As I mentioned above, I have S2S tunnels to many other on-prem locations and don't need an LNG. Why is this required for AWS and not others? Is it due to incompatibilities between AWS VPGs and Azure VPN GWs?
- KennethML, Apr 23, 2021, MCT
Hi Brian.
I am sorry, but you do need to define a Local Network Gateway in Azure to create an S2S VPN. Otherwise the S2S VPN connection doesn't know which host to connect to. If you have S2S VPN connections, you've got to have defined LNGs. If you use P2S (point to site) VPN, you're right, then you don't need to define a Local Network Gateway.
I have attached a screenshot of an S2S connection definition between an Azure subscription and my home office. In the image you'll see a marking box showing the LNG definition; please disregard that the connection is not established. I suggest you have a look at your own subscription and post an image if you still don't see it.
- AzureBrian, Apr 23, 2021, Brass Contributor
Hi KennethML and ibnmbodji. Thanks for your continued discourse on this. After reviewing your image and comparing with my setup, I think I left out an important detail. My Azure VPN Gateway is based on a "classic" Service Model based-VNET, rather than ARM-based. Per https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#lng , in the classic deployment model, the LNG is called a "Local Site" and so the portal interface is different than what you see. So, I think that's my answer and that difference in terminology was what was throwing me off. Thanks again for your help in getting me to the answer!
Brian
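
The relationship Kenneth describes, sketched for the ARM deployment model with Az PowerShell as an added example that is not part of any post in this thread: the LNG holds the AWS endpoint's public IP and prefixes, and the connection binds it to the VNG. All resource names, the IP address, the prefix and the Key Vault are constructed placeholders; in the classic model Brian uses, the same object appears as a "Local Site".

```powershell
# Added example, not from the thread. Every name and address below is a
# constructed placeholder (203.0.113.10 is a documentation-range IP).
$rg       = 'rg-vpn-example'
$location = 'westeurope'

# The LNG describes the remote side: the public IP of the AWS tunnel endpoint
# and the AWS VPC prefixes that Azure should route into the tunnel.
$lng = New-AzLocalNetworkGateway -Name 'lng-aws-example' `
    -ResourceGroupName $rg -Location $location `
    -GatewayIpAddress '203.0.113.10' `
    -AddressPrefix @('10.20.0.0/16')

# The existing Azure VPN gateway (VNG) is the local side of the tunnel.
$vng = Get-AzVirtualNetworkGateway -Name 'vng-example' -ResourceGroupName $rg

# Read the pre-shared key from Key Vault instead of hard-coding it in the script.
$psk = Get-AzKeyVaultSecret -VaultName 'kv-example' -Name 'aws-s2s-psk' -AsPlainText

# The connection object ties the VNG and the LNG together.
New-AzVirtualNetworkGatewayConnection -Name 'cn-azure-to-aws' `
    -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $vng -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $psk

# Audit check: list every connection in the resource group with the LNG it
# points at, so each S2S tunnel can be matched to a known remote endpoint.
Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg |
    Select-Object Name, ConnectionType, ConnectionStatus,
        @{ Name = 'LocalNetworkGateway'; Expression = { $_.LocalNetworkGateway2.Id } }
```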