How to create a VPN between Azure and AWS using only managed solutions

Published Jun 17 2021 12:48 PM 5,018 Views
Microsoft

What if you could establish a connection between Azure and AWS using only managed solutions instead of having to use virtual machines? This is exactly what we'll cover in this article: connecting the AWS Virtual Private Gateway directly to the Azure VPN Gateway, without having to manage IaaS resources such as virtual machines.

 

Below is the diagram of our lab:

draw.png

 

Regarding high availability, please note that on AWS a VPN connection always has 2 public IPs by default, one per tunnel. On Azure this doesn't happen by default, and in this case you will be using Active/Passive on the Azure side.

 

This means that we will be setting only one "node" of the Azure VPN Gateway to establish two VPN connections with AWS. In case of a failure, the second node of the Azure VPN Gateway will connect to AWS in Active/Passive mode.

 

Configuring Azure

 

1. Create a resource group on Azure to deploy the resources into

 

newrg.png

 

create.png

 

Choose the subscription, the name and the region to be deployed:

 

creating.png

 

2. Create a Virtual Network and a subnet

 

createvnet.png

 

createvnetbutton.png

 

Define the subscription, resource group, name and region to be deployed:

 

vnetdefinitions.png

 

Set the address space for the virtual network and for the subnet. Here I'm defining the virtual network address space to 172.10.0.0/16, changing the "default" subnet name to "subnet-01" and defining the subnet address range to 172.10.1.0/24:

 

vnetaddr.png

 

vnetvalidation.png

 

3. Create the VPN Gateway

 

The Azure VPN Gateway is a resource composed of 2 or more VMs that are deployed to a specific subnet called the Gateway Subnet, for which the recommendation is to use a /27. These VMs contain routing tables and run specific gateway services. Note that you can't access those VMs.

To create it, go to your Resource Group, then click + Add

 

addvpngw.png

 

newvpngw.png

 

createvpngw.png

 

Then fill in the fields as shown below:

 

vpngwsummary.png

 

After clicking Review + create, the Virtual Network Gateway will be ready in a few minutes:

 

vpnready.png

 

Configuring AWS

 

4. Create the Virtual Private Cloud (VPC)

 

createvpc.png

 

5. Create a subnet inside the VPC (Virtual Network)

 

createsubnetvpc.png

 

6. Create a customer gateway pointing to the public IP address of the Azure VPN Gateway

 

The Customer Gateway is an AWS resource that gives AWS information about the customer gateway device, which in this case is the Azure VPN Gateway.

 

createcustomergw.png

 

7. Create the Virtual Private Gateway, then attach it to the VPC

 

createvpg.png

 

attachvpgtovpc.png

 

attachvpgtovpc2.png

 

8. Create a site-to-site VPN Connection

 

createvpnconnection.png

 

Set the routing to static, pointing to the Azure subnet-01 prefix (172.10.1.0/24)

 

setstaticroute.png

 

After filling in the options, click Create.

 

9. Download the configuration file

 

Please note that you need to change the Vendor, Platform and Software to Generic since Azure isn't a valid option:

 

downloadconfig.png

 

In this configuration file you will find the Shared Keys and the public IP address for each of the two IPSec tunnels created by AWS:

 

ipsec1.png

 

ipsec1config.png

 

ipsec2.png

 

ipsec2config.png

 

After the creation, you should have something like this:

 

awsvpnconfig.png

 

Adding the AWS information on Azure Configuration

 

10. Now let’s create the Local Network Gateway

 

The Local Network Gateway is an Azure resource that gives Azure information about the customer gateway device, in this case the AWS Virtual Private Gateway.

 

newlng.png

 

createnewlng.png

 

Now you need to specify the public IP address of the AWS Virtual Private Gateway and the VPC CIDR prefix.

Please note that the public address of the AWS Virtual Private Gateway is listed in the configuration file you downloaded.

As mentioned earlier, AWS creates two IPSec tunnels for high availability purposes. I'll use the public IP address of IPSec Tunnel #1 for now.

 

lngovwerview.png

 

11. Then let's create the connection on the Virtual Network Gateway

 

createconnection.png

 

createconnection2.png

 

Fill in the fields as shown below. Please note that the Shared Key comes from the configuration file downloaded earlier. In this case, I'm using the Shared Key for IPSec tunnel #1 created by AWS and listed in the configuration file.

 

createconnection3.png

 

After a few minutes, you can see the connection established:

 

connectionstablished.png

 

In the same way, we can check on AWS that the 1st tunnel is up:

 

awsconnectionstablished.png

 

Now let's edit the route table associated with our VPC

 

editawsroute.png

 

And add the route to Azure subnet through the Virtual Private Gateway:

 

saveawsroute.png

 

12. Adding high availability

 

Now we can create a 2nd connection to ensure high availability. To do this, let's create another Local Network Gateway, which we will point to the public IP address of IPSec tunnel #2 on AWS

 

createlngstandby.png

 

Then we can create the 2nd connection on the Virtual Network Gateway:

 

createconnectionstandby.png

 

And in a few moments we'll have:

 

azuretunnels.png

 

awstunnels.png

 

With this, our VPN connection is established on both sides and the work is done.

 

13. Let's test!

 

First, let's add an Internet Gateway to our VPC on AWS. The Internet Gateway is a logical connection between an Amazon VPC and the Internet. This resource will allow us to connect to the test VM via its public IP over the internet. This is not required for the VPN connection; it is just for our test:

 

createigw.png

 

After creating it, let's attach it to the VPC:

 

attachigw.png

 

attachigw2.png

 

Now we can create a route to allow connections to 0.0.0.0/0 (Internet) through the Internet Gateway:

 

allowinternetigw.png

 

On Azure the route was created automatically. You can check by selecting the Azure VM > Networking > Network Interface > Effective routes. Note that we have 2 (1 per connection):

 

azureeffectiveroutes.png

 

Now I've created a Linux VM on Azure and our environment looks like this:

 

azoverview.png

 

And I did the same VM creation on AWS that looks like this:

 

awsoverview.png

 

Then we can test the connectivity between Azure and AWS through our VPN connection:

 

azureping.png

 

awsping.png
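The steps above tie several prefixes together: the VNet and subnet from step 2, the /27 Gateway Subnet from step 3, the static route from step 8 and the VPC prefix on the Local Network Gateway from step 10. The following is an added example, not part of the original article, that checks such an address plan before any gateway is deployed; the VPC CIDR `10.10.0.0/16` and the Gateway Subnet `172.10.0.0/27` are constructed placeholders (the article text does not state them), and all function and class names are hypothetical. It also reports that `172.10.0.0/16` lies outside the RFC 1918 private ranges, which matters once the lab design is reused outside a lab.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private IPv4 blocks. 172.16.0.0/12 covers 172.16.x.x-172.31.x.x only.
RFC1918 = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


@dataclass
class AddressPlan:
    azure_vnet: str            # step 2: virtual network address space
    azure_subnet: str          # step 2: subnet-01
    azure_gateway_subnet: str  # step 3: Gateway Subnet (recommended /27)
    aws_vpc: str               # step 4: VPC CIDR
    aws_static_routes: list    # step 8: static routes on the AWS VPN connection
    azure_lng_prefixes: list   # step 10: prefixes on the Local Network Gateway


def _net(cidr):
    # strict=True rejects prefixes with host bits set, e.g. 172.10.1.5/24
    return ipaddress.ip_network(cidr, strict=True)


def is_rfc1918(net):
    return any(net.subnet_of(block) for block in RFC1918)


def check_plan(plan):
    """Return a list of finding strings; an empty list means the plan is consistent."""
    findings = []
    vnet, vpc = _net(plan.azure_vnet), _net(plan.aws_vpc)
    subnet, gw = _net(plan.azure_subnet), _net(plan.azure_gateway_subnet)

    # Both sides should use private space, otherwise traffic to the real
    # owners of those public addresses is pulled into the tunnel instead.
    for label, net in (("azure_vnet", vnet), ("aws_vpc", vpc)):
        if not is_rfc1918(net):
            findings.append(f"not-rfc1918:{label}:{net}")

    # Overlapping ranges cannot be routed across a site-to-site VPN.
    if vnet.overlaps(vpc):
        findings.append(f"overlap:{vnet}:{vpc}")

    for label, net in (("azure_subnet", subnet), ("azure_gateway_subnet", gw)):
        if not net.subnet_of(vnet):
            findings.append(f"outside-vnet:{label}:{net}")
    if subnet.overlaps(gw):
        findings.append(f"subnet-overlaps-gateway-subnet:{subnet}:{gw}")
    if gw.prefixlen > 27:
        findings.append(f"gateway-subnet-too-small:{gw}")

    # AWS should only send Azure-bound prefixes into the tunnel,
    # and the workload subnet must be covered by one of them.
    routes = [_net(r) for r in plan.aws_static_routes]
    for route in routes:
        if not route.subnet_of(vnet):
            findings.append(f"route-outside-vnet:{route}")
    if not any(subnet.subnet_of(route) for route in routes):
        findings.append(f"subnet-not-routed:{subnet}")

    # Azure should only send VPC-bound prefixes into the tunnel.
    for prefix in (_net(p) for p in plan.azure_lng_prefixes):
        if not prefix.subnet_of(vpc):
            findings.append(f"lng-prefix-outside-vpc:{prefix}")
    return findings


# The article's values, plus constructed placeholders where the text gives none.
PAGE_PLAN = AddressPlan(
    azure_vnet="172.10.0.0/16",
    azure_subnet="172.10.1.0/24",
    azure_gateway_subnet="172.10.0.0/27",  # constructed placeholder
    aws_vpc="10.10.0.0/16",                # constructed placeholder
    aws_static_routes=["172.10.1.0/24"],
    azure_lng_prefixes=["10.10.0.0/16"],   # constructed placeholder
)

# Constructed variant: the same layout moved into RFC 1918 space.
PRIVATE_PLAN = AddressPlan(
    azure_vnet="172.16.0.0/16",
    azure_subnet="172.16.1.0/24",
    azure_gateway_subnet="172.16.0.0/27",
    aws_vpc="10.10.0.0/16",
    aws_static_routes=["172.16.1.0/24"],
    azure_lng_prefixes=["10.10.0.0/16"],
)

if __name__ == "__main__":
    for name, plan in (("page", PAGE_PLAN), ("private", PRIVATE_PLAN)):
        print(name, check_plan(plan) or "ok")
```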

 

3 Comments
New Contributor

Thanks @rmmartins 

Occasional Visitor

@rmmartins 
Thank you very much for the steps.
I need some high level guidance for our use-case, if you don't mind please. 
Ours is an early-stage startup company. We are trying to set up secure employee logins/connections to our AWS environment. We have all our 10 employees using Office 365. We do have an Azure subscription too. 

How could I set up this use case:

Create Azure VNet Gateway and Azure VPN (I think we know steps for this).
Create a Virtual Desktop (either Ubuntu or Windows,  in AWS or within Azure) for Multi-User session mode. 
All our employees should login to Azure VPN client on their own personal laptops using Azure AD(O365) login; after that employees should login to the Virtual Desktop using SSO via Azure AD.  After logging in to Virtual Desktop only our engineers should be able to connect to our AWS resources like AWS EKS or AWS RDS or anything which is in our AWS private subnet using  AWS SSO via Azure AD. 

Please provide some high level steps or point me to some resources which could help. Please & Thank you. 

Occasional Visitor

@Chandu_P, use Azure AD Application Proxy to publish private web applications, without using a VPN or connections between Azure and AWS; you only need to deploy a proxy machine in your AWS VPC with an Internet connection.

For AWS administrative tasks in the management console, use AWS SSO + Azure AD

SPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EIn%20the%20same%20way%2C%20we%20can%20check%20on%20AWS%20that%20the%201st%20tunnel%20is%20up%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22awsconnectionstablished.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275024iBE8C5CB56B53024B%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22awsconnectionstablished.png%22%20alt%3D%22awsconnectionstablished.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ENow%20let's%20edit%20the%20route%20table%20associated%20with%20our%20VPC%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22editawsroute.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275025iCE02177320896D2C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22editawsroute.png%22%20alt%3D%22editawsroute.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EAnd%20add%20the%20route%20to%20Azure%20subnet%20through%20the%20Virtual%20Private%20Gateway%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22saveawsroute.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275026iDF1DC4DAAFE315CA%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22saveawsroute.png%22%20alt%3D%22saveawsr
oute.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E12.%20Adding%20high%20availability%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%20we%20can%20create%20a%202nd%20connection%20to%20ensure%20high%20availability.%20To%20do%20this%20let's%20create%20another%20Local%20Network%20Gateway%20which%20we%20will%20point%20to%20the%20public%20ip%20address%20of%20the%20IPSec%20tunnel%20%232%20on%20the%20AWS%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22createlngstandby.png%22%20style%3D%22width%3A%20563px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275027iBA7B9F30C2ED9C10%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22createlngstandby.png%22%20alt%3D%22createlngstandby.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThen%20we%20can%20create%20the%202nd%20connection%20on%20the%20Virtual%20Network%20Gateway%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22createconnectionstandby.png%22%20style%3D%22width%3A%20693px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275028iE9DB71559326D52E%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22createconnectionstandby.png%22%20alt%3D%22createconnectionstandby.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EAnd%20in%20a%20few%20moments%20we'll%20have%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22azuretunnels.png%22%20style%3D%22width%3A%2
0999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275030i1273D418053FB9FF%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22azuretunnels.png%22%20alt%3D%22azuretunnels.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22awstunnels.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275031i186E4E03E1107BB7%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22awstunnels.png%22%20alt%3D%22awstunnels.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EWith%20this%2C%20our%20VPN%20connection%20is%20established%20on%20both%20sides%20and%20the%20work%20is%20done.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E13.%20Let's%20test!%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EFirst%2C%20let's%20add%20an%20Internet%20Gateway%20to%20our%20VPC%20at%20AWS.%20The%20Internet%20Gateway%20is%20a%20logical%20connection%20between%20an%20Amazon%20VPN%20and%20the%20Internet.%20This%20resource%20will%20allow%20us%20to%20connect%20through%20the%20test%20VM%20from%20their%20public%20ip%20through%20internet.%20This%20is%20not%20required%20for%20the%20VPN%20connection%2C%20is%20just%20for%20our%20test%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22createigw.png%22%20style%3D%22width%3A%20797px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275070iE546DEEAF405B97E%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%2
2createigw.png%22%20alt%3D%22createigw.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EAfter%20create%2C%20let's%20attach%20to%20the%20VPC%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22attachigw.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275071i1650309777967210%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22attachigw.png%22%20alt%3D%22attachigw.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22attachigw2.png%22%20style%3D%22width%3A%20793px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275073i1C2277BBF83BFE67%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22attachigw2.png%22%20alt%3D%22attachigw2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ENow%20we%20can%20create%20a%20route%20to%20allow%20connections%20to%26nbsp%3B%3CSTRONG%3E0.0.0.0%2F0%3C%2FSTRONG%3E%26nbsp%3B(Internet)%20through%20the%20Internet%20Gateway%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22allowinternetigw.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275074i1C9EB52FAC025D31%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22allowinternetigw.png%22%20alt%3D%22allowinternetigw.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26n
bsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EOn%20Azure%20the%20route%20was%20automatically%20created.%20You%20can%20check%20selecting%20the%20Azure%20VM%20%26gt%3B%20Networking%20%26gt%3B%20Network%20Interface%20%26gt%3B%20Effective%20routes.%20Note%20that%20we%20have%202%20(1%20per%20connection)%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22azureeffectiveroutes.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275075i931B28FB3618C439%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22azureeffectiveroutes.png%22%20alt%3D%22azureeffectiveroutes.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ENow%20I've%20created%20a%20Linux%20VM%20on%20Azure%20and%20our%20environment%20looks%20like%20this%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22azoverview.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275077i39FE5394CFE6A07F%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22azoverview.png%22%20alt%3D%22azoverview.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EAnd%20I%20did%20the%20same%20VM%20creation%20on%20AWS%20that%20looks%20like%20this%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22awsoverview.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275078i25965392A
7B97F15%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22awsoverview.png%22%20alt%3D%22awsoverview.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThen%20we%20can%20test%20the%20connectivity%20betweeen%20Azure%20and%20AWS%20through%20our%20VPN%20connection%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22azureping.png%22%20style%3D%22width%3A%20979px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275079i28780EA35628D405%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22azureping.png%22%20alt%3D%22azureping.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22awsping.png%22%20style%3D%22width%3A%20982px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F275091i991899448D53E6E9%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22awsping.png%22%20alt%3D%22awsping.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2281900%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20if%20you%20can%20establish%20a%20connection%20between%20Azure%20and%20AWS%20using%20only%20managed%20solutions%20instead%20to%20have%20to%20use%20virtual%20machines%3F%26nbsp%3BThis%20is%20exactly%20what%20we'll%20be%20covering%20on%20this%20article%20connecting%20AWS%20Virtual%20Private%20Gateway%20with%20the%20Azure%20VPN%20Gateway%20directly%20without%20worry%20to%20manage%20IaaS%20resources%20like%20virtual%20machines.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2281900%22%20slang%3D%22en-US%2
2%3E%3CLINGO-LABEL%3EInfra%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2538057%22%20slang%3D%22es-ES%22%3ERe%3A%20How%20to%20create%20a%20VPN%20between%20Azure%20and%20AWS%20using%20only%20managed%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2538057%22%20slang%3D%22es-ES%22%3E%3CP%3EThanks%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F59511%22%20target%3D%22_blank%22%3E%40rmmartins%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2597137%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20create%20a%20VPN%20between%20Azure%20and%20AWS%20using%20only%20managed%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2597137%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F59511%22%20target%3D%22_blank%22%3E%40rmmartins%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EThank%20you%20very%20much%20for%20the%20steps.%3CBR%20%2F%3EI%20need%20some%20high%20level%20guidance%20for%20our%20use-case%2C%20if%20you%20don't%20mind%20please.%26nbsp%3B%3CBR%20%2F%3EOurs%20is%20a%20early%20stage%20startup%20company.%20We%20are%20trying%20to%20setup%20secure%20employees%20login%2Fconnections%20to%20our%20AWS%20environment.%20We%20have%20all%20our%2010%20employees%20using%20office365.%20We%20do%20have%20Azure%20subscription%20too.%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20could%20I%20setup%20this%20use-case%3A-%3C%2FP%3E%3CP%3ECreate%20Azure%20VNet%20Gateway%20and%20Azure%20VPN%20(I%20think%20we%20know%20steps%20for%20this).%3CBR%20%2F%3ECreate%20a%20Virtual%20Desktop%20(either%20Ubuntu%20or%20Windows%2C%26nbsp%3B%20in%20AWS%20or%20within%20Azure)%20for%20Multi-User%20session%20mode.%26nbsp%3B%3CBR%20%2F%3EAll%20our%20employees%20should%20login%20to%20Azure%20VPN%20client%20on%20their%20own%20personal%20laptops%20using%20Azure%20AD(O365)%20login%3B%20after%20that%20employees%20should%20login%
20to%20the%20Virtual%20Desktop%20using%20SSO%20via%20Azure%20AD.%26nbsp%3B%20After%20logging%20in%20to%20Virtual%20Desktop%20only%20our%20engineers%20should%20be%20able%20to%20connect%20to%20our%20AWS%20resources%20like%20AWS%20EKS%20or%20AWS%20RDS%20or%20anything%20which%20is%20in%20our%20AWS%20private%20subnet%20using%26nbsp%3B%20AWS%20SSO%20via%20Azure%20AD.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EPlease%20provide%20some%20high%20level%20steps%20or%20point%20me%20to%20some%20resources%20which%20could%20help.%20Please%20%26amp%3B%20Thank%20you.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Last update: May 07 2021 10:23 AM