Azure-Advanced-Networking

M02-Unit 3 Create and configure a virtual network gateway

In this exercise you will configure a virtual network gateway to connect the Contoso Core Services VNet and Manufacturing VNet.

In this exercise, you will:

• Task 1: Create CoreServicesVnet and ManufacturingVnet
• Task 2: Create CoreServicesVnet Gateway
• Task 3: Create ManufacturingVnet Gateway
• Task 4: Create CoreServicesVM
• Task 5: Create ManufacturingVM
• Task 6: Connect to the Test VMs using RDP
• Task 7: Test the connection between the VMs
• Task 8: CoreServicesVnet to ManufacturingVnet
• Task 9: Connect ManufacturingVnet to CoreServicesVnet
• Task 10: Verify that the connections connect
• Task 11: Test the connection between the VMs

Estimated time: 70 minutes (including ~45 minutes deployment waiting time)

Task 1: Create CoreServicesVnet and ManufacturingVnet

1. On the Azure portal, open the PowerShell session within the Cloud Shell pane.

2. On the toolbar of the Cloud Shell pane, select the Upload/Download files icon, in the drop-down menu, select Upload and upload the following files azuredeploy.json and azuredeploy.parameters.json into the Cloud Shell home directory one by one from the source folder Allfiles\Exercises\M02

3. Deploy the following ARM templates to create the virtual network and subnets needed for this exercise:

   $RGName = "ContosoResourceGroup"
   #create resource group if it doesnt exist
   New-AzResourceGroup -Name $RGName -Location "eastus"
   New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile azuredeploy.json -TemplateParameterFile azuredeploy.parameters.json
   

Task 2: Create CoreServicesVnet Gateway

1. In Search resources, services, and docs (G+/), enter Virtual network gateway, and then select Virtual network gateways from the results.

2. In Virtual network gateways, select + Create.

3. Use the information in the following table to create the virtual network gateway:

   Tab	Section	Option	Value
   Basics	Project Details	Subscription	No changes required
   		ResourceGroup	ContosoResourceGroup
   	Instance Details	Name	CoreServicesVnetGateway
   		Region	East US
   		Gateway type	VPN
   		VPN type	Route-based
   		SKU	VpnGw1
   		Generation	Generation1
   		Virtual network	CoreServicesVnet
   		Subnet	GatewaySubnet (10.20.0.0/27)
   		Public IP address type	Standard (default)
   	Public IP address	Public IP address	Create new
   		Public IP address name	CoreServicesVnetGateway-ip
   		Enable active-active mode	Disabled
   		Configure BGP	Disabled
   Select Review + create		Review your settings and select Create.

   Note:

   It can take up to 45 minutes to create a virtual network gateway.

Task 3: Create ManufacturingVnet Gateway

1. In Search resources, services, and docs (G+/), enter Virtual network gateway, and then select Virtual network gateways from the results.

2. In Virtual network gateways, select + Create.

3. Use the information in the following table to create the virtual network gateway:

   Tab	Section	Option	Value
   Basics	Project Details	Subscription	No changes required
   		ResourceGroup	ContosoResourceGroup
   	Instance Details	Name	ManufacturingVnetGateway
   		Region	West Europe
   		Gateway type	VPN
   		VPN type	Route-based
   		SKU	VpnGw1
   		Generation	Generation1
   		Virtual network	ManufacturingVnet
   		Subnet	GatewaySubnet (10.30.0.0/27)
   		Public IP Address Type	Standard (default)
   	Public IP address	Public IP address	Create new
   		Public IP address name	ManufacturingVnetGateway-ip
   		Enable active-active mode	Disabled
   		Configure BGP	Disabled
   Select Review + create		Review your settings and select Create.

   Note:

   It can take up to 45 minutes to create a virtual network gateway.

Task 4: Create CoreServicesVM

1. On the Azure portal, open the PowerShell session within the Cloud Shell pane.

2. On the toolbar of the Cloud Shell pane, select the Upload/Download files icon, in the drop-down menu, select Upload and upload the following files CoreServicesVMazuredeploy.json and CoreServicesVMazuredeploy.parameters.json into the Cloud Shell home directory one by one from the source folder Allfiles\Exercises\M02.

3. Deploy the following ARM templates to create the VMs needed for this exercise:

   $RGName = "ContosoResourceGroup"
      
   New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile CoreServicesVMazuredeploy.json -TemplateParameterFile CoreServicesVMazuredeploy.parameters.json
   

4. When the deployment is complete, go to the Azure portal home page, and then select Virtual Machines.

5. Verify that the virtual machine has been created.

Task 5: Create ManufacturingVM

1. On the Azure portal, open the PowerShell session within the Cloud Shell pane.

2. On the toolbar of the Cloud Shell pane, select the Upload/Download files icon, in the drop-down menu, select Upload and upload the following files ManufacturingVMazuredeploy.json and ManufacturingVMazuredeploy.parameters.json into the Cloud Shell home directory one by one from the source folder Allfiles\Exercises\M02.

3. Deploy the following ARM templates to create the VMs needed for this exercise:

   $RGName = "ContosoResourceGroup"
      
   New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile ManufacturingVMazuredeploy.json -TemplateParameterFile ManufacturingVMazuredeploy.parameters.json -asjob
   

4. When the deployment is complete, go to the Azure portal home page, and then select Virtual Machines.

5. Verify that the virtual machine has been created.

Task 6: Connect to the Test VMs using RDP

1. On the Azure Portal home page, select Virtual Machines.

2. Select ManufacturingVM.

3. On ManufacturingVM, select Connect > RDP.

4. On **ManufacturingVM

   Connect, select **Download RDP file.

5. Save the RDP file to your desktop.

6. Connect to ManufacturingTestVM using the RDP file, and the username TestUser and the password TestPa$$w0rd!. After connecting, minimize the RDP session.

7. On the Azure Portal home page, select Virtual Machines.

8. Select CoreServicesVM.

9. On CoreServicesVM, select Connect > RDP.

10. On **CoreServicesVM

    Connect, select **Download RDP file.

11. Save the RDP file to your desktop.

12. Connect to CoreServicesTestVM using the RDP file, and the username TestUser and the password TestPa$$w0rd!.

13. On both VMs, in Networks, select Yes.

14. On CoreServicesTestVM, open a PowerShell prompt.

15. Use the following command to note the IPv4 address of the machine:

    ipconfig
    

Task 7: Test the connection between the VMs

1. On the ManufacturingVM, open a PowerShell prompt.

2. Use the following command to verify that there is no connection to CoreServicesVM on CoreServicesVnet. Be sure to use the IPv4 address for CoreServicesVM.

   Test-NetConnection 10.20.20.4 -port 3389
   

3. The test connection should fail, and you will see a result similar to the following:

   

Task 8: Connect CoreServicesVnet to ManufacturingVnet

1. In Search resources, services, and docs (G+/), enter Virtual network gateway, and then select Virtual network gateways from the results.

2. In Virtual network gateways, select CoreServicesVnetGateway.

3. In CoreServicesGateway, select Connections, and then select + Add.

   Note:

   You will not be able to complete this configuration until the virtual network gateways are fully deployed.

4. Use the information in the following table to create the connection:

   Option	Value
   Name	CoreServicesGW-to-ManufacturingGW
   Connection type	VNet-to-VNet
   First virtual network gateway	CoreServicesVnetGateway
   Second virtual network gateway	ManufacturingVnetGateway
   Shared key (PSK)	abc123
   Use Azure Private IP Address	Not selected
   Enable BGP	Not selected
   IKE Protocol	IKEv2
   Subscription	No changes required
   Resource group	No changes required
   Location	East US

5. To create the connection, select OK.

Task 9: Connect ManufacturingVnet to CoreServicesVnet

1. In Search resources, services, and docs (G+/), enter Virtual network gateway, and then select Virtual network gateways from the results.

2. In Virtual network gateways, select ManufacturingVnetGateway.

3. In CoreServicesGateway, select Connections, and then select + Add.

4. Use the information in the following table to create the connection:

   Option	Value
   Name	ManufacturingGW-to-CoreServicesGW
   Connection type	VNet-to-VNet
   First virtual network gateway	ManufacturingVnetGateway
   Second virtual network gateway	CoreServicesVnetGateway
   Shared key (PSK)	abc123
   Use Azure Private IP Address	Not selected
   Enable BGP	Not selected
   IKE Protocol	IKEv2
   Subscription	No changes required
   Resource group	No changes required
   Location	West Europe

5. To create the connection, select OK.

Task 10: Verify that the connections connect

1. In Search resources, services, and docs (G+/), enter connections, and then select connections from the results.

2. Wait until the status of both connections is Connected. You may need to refresh your screen.

Note: This could take a couple of minutes.

Task 11: Test the connection between the VMs

1. On the ManufacturingVM, open PowerShell.

2. Use the following command to verify that there is now a connection to CoreServicesVM on CoreServicesVnet. Be sure to use the IPv4 address for CoreServicesVM.

   Test-NetConnection 10.20.20.4 -port 3389
   

3. The test connection should succeed, and you will see a result similar to the following:

   

4. Close the Remote Desktop connection windows.

Congratulations! You have configured a VNet-to-VNet connection by using a virtual network gateway.