Steps to set up Hybrid Cloud with GNS3

Head to my blog article on this topic to get the full writeup on this tutorial.

  1. Install the Azure PowerShell module. Instructions

    Install-Module -Name Az -AllowClobber -Scope CurrentUser
  2. Connect to your Azure account (the integration with Windows is nice):

    Connect-AzAccount
  3. Define common network parameters

    # Virtual network
    $RG1         = "TestRG1"
    $VNet1       = "VNet1"
    $Location1   = "East US"
    $VNet1Prefix = "10.1.0.0/16"
    $VNet1ASN    = 65001
    $GW1         = "VNet1GW"
    $FESubnet1   = "FrontEnd"
    $BESubnet1   = "Backend"
    $GwSubnet1   = "GatewaySubnet"
    $FEPrefix1   = "10.1.0.0/24"
    $BEPrefix1   = "10.1.1.0/24"
    $GwPrefix1   = "10.1.255.0/27"
    $GwIP1       = "VNet1GWIP"
    $GwIPConf1   = "gwipconf1"
    # On-premises network - LNGIP1 is the VPN device public IP address
    $LNG1        = "VPNsite1"
    $LNGprefix1  = "10.101.0.0/24"
    $LNGprefix2  = "10.101.1.0/24"
    $LNGIP1      = "65.191.34.34"
    # On-premises BGP properties
    $LNGASN1     = 65000
    $BGPPeerIP1  = "10.101.1.254"
    # Connection
    $Connection1 = "VNet1ToSite1"
  4. Create a resource group

    New-AzResourceGroup -ResourceGroupName $RG1 -Location $Location1
  5. Create a virtual network

    $fesub1 = New-AzVirtualNetworkSubnetConfig -Name $FESubnet1 -AddressPrefix $FEPrefix1
    $besub1 = New-AzVirtualNetworkSubnetConfig -Name $BESubnet1 -AddressPrefix $BEPrefix1
    $gwsub1 = New-AzVirtualNetworkSubnetConfig -Name $GWSubnet1 -AddressPrefix $GwPrefix1
    $vnet   = New-AzVirtualNetwork `
                -Name $VNet1 `
                -ResourceGroupName $RG1 `
                -Location $Location1 `
                -AddressPrefix $VNet1Prefix `
                -Subnet $fesub1,$besub1,$gwsub1
  6. Request a public IP address for the VPN gateway (this will be a dynamic IP)

    $gwpip    = New-AzPublicIpAddress -Name $GwIP1 -ResourceGroupName $RG1 `
                -Location $Location1 -AllocationMethod Dynamic
    $subnet   = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' `
                -VirtualNetwork $vnet
    $gwipconf = New-AzVirtualNetworkGatewayIpConfig -Name $GwIPConf1 `
                -Subnet $subnet -PublicIpAddress $gwpip
  7. Create a VPN gateway (this will take up to 45 minutes)

    New-AzVirtualNetworkGateway -Name $Gw1 -ResourceGroupName $RG1 `
    -Location $Location1 -IpConfigurations $gwipconf -GatewayType Vpn `
    -VpnType RouteBased -GatewaySku VpnGw1 -EnableBgp $True -Asn $VNet1ASN
  8. Create a local network gateway

    New-AzLocalNetworkGateway -Name $LNG1 -ResourceGroupName $RG1 `
    -Location 'East US' -GatewayIpAddress $LNGIP1 `
    -AddressPrefix $LNGprefix1,$LNGprefix2 -Asn $LNGASN1 `
    -BgpPeeringAddress $BGPPeerIP1
  9. Create an S2S VPN connection with BGP enabled

    $vng1 = Get-AzVirtualNetworkGateway -Name $GW1  -ResourceGroupName $RG1
    $lng1 = Get-AzLocalNetworkGateway   -Name $LNG1 -ResourceGroupName $RG1
    
    New-AzVirtualNetworkGatewayConnection -Name $Connection1 `
    -ResourceGroupName $RG1 -Location $Location1 `
    -VirtualNetworkGateway1 $vng1 -LocalNetworkGateway2 $lng1 `
    -ConnectionType IPsec -SharedKey "Azure@!b2C3" -EnableBGP $True
  10. Download the on-premises equipment sample configs. Go to here, or run the following PowerShell snippet:

    $RG          = "TestRG1"
    $GWName      = "VNet1GW"
    $Connection  = "VNet1toSite1"
    
    Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript `
    -Name $Connection -ResourceGroupName $RG -DeviceVendor Cisco `
    -DeviceFamily "Cisco-ISR(IOS)" -FirmwareVersion "Cisco-ISR-15.x--IKEv2+BGP"
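
Step 9 puts the pre-shared key in the script as a literal. The following added example (not part of the original README) generates a random key with the .NET cryptographic RNG and sets it on the connection from step 9; the helper name `New-VpnSharedKey` and the alphanumeric alphabet are assumptions made for this example.

```powershell
# Added example, not from the original README. Reuses $RG1 and $Connection1
# from step 3; New-VpnSharedKey is a hypothetical helper defined here.
function New-VpnSharedKey {
    param([ValidateRange(16, 128)][int]$Length = 32)

    # Alphanumeric only: avoids characters such as '?', spaces or quotes that
    # are awkward to paste into a router CLI (assumption about the device).
    # 32 characters from 62 symbols is roughly 190 bits of entropy.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'

    # Largest multiple of the alphabet size that fits in one byte (248 for 62).
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object System.Text.StringBuilder
        $buf   = New-Object byte[] 1
        while ($chars.Length -lt $Length) {
            $rng.GetBytes($buf)
            # Rejection sampling: discard bytes >= $limit to avoid modulo bias.
            if ($buf[0] -lt $limit) {
                [void]$chars.Append($alphabet[$buf[0] % $alphabet.Length])
            }
        }
        return $chars.ToString()
    }
    finally {
        $rng.Dispose()
    }
}

$psk = New-VpnSharedKey -Length 32

# Replace the key on the connection from step 9. The tunnel stays down until
# the same key is configured on the on-premises device.
Set-AzVirtualNetworkGatewayConnectionSharedKey -Name $Connection1 `
    -ResourceGroupName $RG1 -Value $psk -Force

# Confirm what Azure now holds without echoing the key itself.
$stored = Get-AzVirtualNetworkGatewayConnectionSharedKey -Name $Connection1 `
    -ResourceGroupName $RG1
"Key updated: {0}" -f ($stored -ceq $psk)
```

On a new deployment, pass `$psk` to `-SharedKey` in step 9 instead of the literal, and keep the value out of scripts that are committed to source control.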
    

Verification and Troubleshooting commands for the CLI

  • Verify the status of the VPN connection

    Get-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName TestRG1
  • Get the BGP peer status

    Get-AzVirtualNetworkGatewayBGPPeerStatus -VirtualNetworkGatewayName VNet1GW -ResourceGroupName TestRG1
  • View the gateway public IP address

    $myGwIp = Get-AzPublicIpAddress -Name $GwIP1 -ResourceGroupName $RG1
    $myGwIp.IpAddress
  • Resize a gateway

    $gateway = Get-AzVirtualNetworkGateway -Name $Gw1 -ResourceGroupName $RG1
    Resize-AzVirtualNetworkGateway -GatewaySku VpnGw2 -VirtualNetworkGateway $gateway
  • Reset a gateway (for troubleshooting)

    $gateway = Get-AzVirtualNetworkGateway -Name $Gw1 -ResourceGroupName $RG1
    Reset-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

Removal and Clean-Up

  • Delete a Site-to-Site VPN connection

    Remove-AzVirtualNetworkGatewayConnection -Name $Connection1 -ResourceGroupName $RG1
    
    # $LNG1 names the local network gateway, which has its own removal cmdlet
    Remove-AzLocalNetworkGateway -Name $LNG1 -ResourceGroupName $RG1
  • Clean up resources (this deletes everything)

    Remove-AzResourceGroup -Name $RG1