Forum Discussion

AzureBrian's avatar
AzureBrian
Brass Contributor
Apr 16, 2021
Solved

Need For Local Network Gateway when connecting Azure S2S tunnel to AWS

Greetings.  According to this article and several others I've read on connecting Azure to AWS resources, a Local Network Gateway is required to be provisioned and configured along with an Azure VPN G...
  • AzureBrian's avatar
    AzureBrian
    Apr 23, 2021

    Hi KennethML and ibnmbodji.  Thanks for your continued discourse on this. After reviewing your image and comparing with my setup, I think I left out an important detail.  My Azure VPN Gateway is based on a "classic" Service Model based-VNET, rather than ARM-based.  Per https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#lng , in the classic deployment model, the LNG is called a "Local Site" and so the portal interface is different than what you see.  So, I think that's my answer and that difference in terminology was what was throwing me off.  Thanks again for your help in getting me to the answer!

     

    Brian

KennethML's avatar
KennethML
MCT
Apr 20, 2021
Hi Brian.
When you create a S2S VPN tunnel, you always need to have 2 endpoints. In case of an Azure S2S VPN, one is the Azure VPN gateway, one is the Local Network Gateway. In Azure, the LNG is just a definition of where the S2S VPN tunnel is terminating.
So when you create the LNG in Azure, you must point this to the IP address of the VPG in AWS and target the Azure VNG as the AWS Customer Gateway.
/Kenneth ML
AzureBrian's avatar
AzureBrian
Brass Contributor
Apr 20, 2021
Thanks Kenneth for your response. I guess what I'm missing is how this is different than other S2S VPN tunnels. For example, when I setup a tunnel to an on-prem location, the other end of the tunnel just terminates on the device (gateway) at the on-prem location. No local network gateway is needed on our end. Yet, with an AWS connection, this local network gateway is needed?

Thanks,

Brian

Resources