There are two options for creating and configuring a virtual network:

  • Configure the network manually by using a network configuration file
  • Use the wizard in the Azure Management Portal

It is recommended to use the wizard the first time a virtual network is created. The wizard creates a network configuration file (.xml file) for the virtual network. After creating the first virtual network using the Management Portal, the network configuration file can be exported and used as a template to create additional virtual networks.

Follow the steps below to configure a site-to-site VPN in the Azure Management Portal:

Note: These steps are correct at the time of writing this document. These steps may change without our knowledge. Please consult the Microsoft documentation for the latest steps.
  1. Log in to the Azure Management portal.
  2. Click New.
  3. Click Network Services and then click Virtual Network.
  4. Click Custom Create.
  5. Enter the Name of the virtual network, for example EastUSVNet.
    Note: This network name will be used when deploying the Virtual Machines and Platform as a Service (PaaS) instances so it is recommended to not enter a complicated name here.
  6. Specify the Location.
    Note: The location is directly related to the physical location (region) where the resources (Virtual Machines) will reside. For example, if the Virtual Machines that will be deployed to this network will be physically located in East US, select that location. The region associated with the virtual network cannot be changed after it is created.
  7. On the DNS Servers and VPN Connectivity page, enter the following information and then click the Next arrow:
    1. DNS Servers: Enter the DNS server name and IP address, or select a previously registered DNS server from the drop-down menu.
      Note: This setting does not create a DNS server. It allows the specification of the DNS servers to be used for name resolution for this virtual network.
    2. Configure Site-To-Site VPN: Select the check box called Configure a site-to-site VPN.
    3. Local Network: A local network represents the physical on-premises location. Select a local network that has previously been created, or create a new local network.
      Note: If an existing local network was selected, go to the Local Networks configuration page and ensure that the VPN Device IP address (public-facing IPv4 address for the VPN device) is accurate for this local network.
  8. If an existing local network was selected, skip this step. If creating a new local network, the Site-To-Site Connectivity page will appear. Enter the following information and then click the Next arrow:
    1. Name: The name of the local (on-premises) network site.
    2. VPN Device IP Address: This is the public-facing IPv4 address of the on-premises VPN device used to connect to Azure.
    3. Address Space: Specify the address range(s) (including starting IP and CIDR) to be sent through the virtual network gateway to the local on-premises location. If a destination IP address falls between the ranges specified here, it will be routed through the virtual network gateway.
    4. Add address space: If there are multiple address ranges to be sent through the virtual network gateway, this is where each additional address range is specified. Ranges can be added or removed later as needed, on the Local Network page.
  9. On the Virtual Network Address Spaces page, specify the address range to be used for the virtual network. Enter the following information, and then click the checkmark to configure the network:
    Note: These are the Dynamic IP addresses (DIPS) that will be assigned to the Virtual Machines and other role instances that are deployed to this virtual network. There are a few rules regarding the virtual network address space - please refer to the Microsoft - Virtual Network Address Spaces page for more information. It is particularly important to select a range that does not overlap with any of the ranges that are in use for the on-premises network. A range of IP addresses might need to be carved out from the on-premises network address space to be used for the virtual network.
    1. Address Space: Include the starting IP address and the address count.
      Note: Verify that the address spaces specified do not overlap with any of the address spaces on the on-premises network.
    2. Add subnet: Include the starting IP address and address count.
      Note: Additional subnets are not required, but a separate subnet may be needed for Virtual Machines that will have static DIPS. Or the Virtual Machines might need to be in a subnet that is separate from the other role instances.
    3. Add gateway subnet: Click to add the gateway subnet. The gateway subnet is used only for the virtual network gateway and is required for this configuration.
  10. Click the checkmark on the bottom of the page and the virtual network will begin to create. When it completes, Created will be shown under Status on the Networks page in the Azure Management Portal.
  11. Next, configure the virtual network gateway to create a secure site-to-site connection. Refer to Microsoft - Configure a Virtual Network Gateway in the Management Portal for instructions on how to do this.
  12. When you get to the Configure your VPN Device section, refer to the section below for instructions on how to configure the LoadMaster.