Deploying VPN gateways and connections, using Azure Resource Manager – Part 2

I recently blogged about deploying Azure VPN gateways with Azure Resource Manager templates. After that post, I’ve been asked if it’s only possible through templates, and no, that is not the only way to do it. You can also use PowerShell

In this post, I’ll guide you through deploying a network and VPN gateway, and setting up a connection via PowerShell.

First we will need a bunch of information. Which location will we deploy to? What address spaces and subnets do we want to create? What is our local gateway IP address? What shared key should be used? Go ahead and fill in your own information for all these variables:

[powershell]$location = "West Europe"
$name = "demo"
$rgname = "demo-rg"
$addressPrefix = "10.0.0.0/22"
$subnetPrefix = "10.0.0.0/24"
$gwSubnetPrefix = "10.0.1.248/29"
$localGwIP = "90.184.133.74"
$localSubnets = @("192.168.50.0/24","192.168.51.0/24")
$sharedKey = -join(97..122|%{[char]$_}|Get-Random -C 20)
$tags = @{Name="env";Value=$name}
[/powershell]

$rgname is the name of the resource group I want to deploy everything to. If you don’t have a resource group, use New-AzureResourceGroup to create one. It is not important which region you place the resource group in, as resource groups can span regions. Virtual Networks however, can not span regions.

I use the $name variable to name and also tag all the resources I deploy. By tagging the resources I can filter them on my bills and see exactly what the cost of them was.

First up, we need to create the subnet configurations based on the subnets we defined in our variables. I always put the gateway subnet in the end of my address space, which in this case is 10.0.1.248/29. As you can see below, my gateway subnet is not using the $name variable I specified. That’s because it has to be named GatewaySubnet:

[powershell]
$gwSubnet = New-AzureVirtualNetworkSubnetConfig -Name ‘GatewaySubnet’ -AddressPrefix $gwSubnetPrefix
$subnet1 = New-AzureVirtualNetworkSubnetConfig -Name ($name + "-subnet") -AddressPrefix $subnetPrefix
[/powershell]

Next, request a public IP address which will be used:

[powershell]
$gwIP = New-AzurePublicIpAddress -Name ($name + "-gwip") -ResourceGroupName $rgname -Location $location -AllocationMethod Dynamic -Tag $tags
[/powershell]

Next, create the network and specify your subnet configurations:

[powershell]
$vnet = New-AzureVirtualNetwork -Name ($name + "-vnet") -ResourceGroupName $rgname -Location $location -AddressPrefix $addressPrefix -Subnet $gwSubnet, $subnet1 -Tag $tags[/powershell]

Now we will create the VPN gateway configuration where we bind the subnet and public IP address to the gateway. Unfortunately we have to use the subnet ID which is not available in the subnet configuration we created first, so we have to get that by using Get-AzureVirtualNetworkGatewayIpConfig:

[powershell]
$gwConfig = New-AzureVirtualNetworkGatewayIpConfig -Name ($name + "-gwconfig") -SubnetId (Get-AzureVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name GatewaySubnet).Id -PublicIpAddressId $gwIP.Id[/powershell]

When that’s done, we can create the actual gateway. This will take some time, sometimes up to 40 minutes, so be patient. I will be using a Route Based (earlier known as Dynamic Routing) gateway for this deployment:

[powershell]
$gw = New-AzureVirtualNetworkGateway -Name ($name + "-gw") -ResourceGroupName $rgname -Location $location -IpConfigurations $gwConfig -GatewayType VPN -VpnType RouteBased -Tag $tags[/powershell]

When the gateway is created, we can go ahead and add connections to it. I’ll start by adding a configuration for my local network, which includes the public IP of my VPN device, and the subnets I have locally:

[powershell]
$localGw = New-AzureLocalNetworkGateway -Name ($name + "-local") -ResourceGroupName $rgname -Location $location -GatewayIpAddress $localGwIP -AddressPrefix $localSubnets -Tag $tags[/powershell]

Last, we can tell the VPN gateway that we want to use the local gateway we configured in the last step. I use a randomly generated string as my shared key:

[powershell]
New-AzureVirtualNetworkGatewayConnection -Name ($name + "-conn") -ResourceGroupName $rgname -Location $location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $localGw -ConnectionType IPsec -RoutingWeight 10 -SharedKey $sharedKey -Tag $tags[/powershell]