In this blog, we will take a look at the Azure Virtual WAN configuration.
A Point-to-Site VPN connection establishes a secure connection between individual client machines at your customer sites or on-premises and the private network in Azure over the public Internet. This sort of connectivity is used when only a few staff connect to Azure VMs (say 10 users). If a more dedicated connection is required, we use another VPN type, the Site-to-Site VPN.
If we then had to connect another virtual network, we would need to provision a gateway subnet and virtual network gateway for the new vNet, or join it via a peering connection. This becomes an issue when there are too many sites to manage, as in the example below.
Azure Virtual WAN is a fully managed Azure service that uses a hub-and-spoke architecture to connect to Microsoft's global network, automating branch connectivity and optimising routing at scale. With Azure Virtual WAN, we create a Virtual WAN hub, a central point to which all other networks connect. All on-premises connections can be attached to the Virtual WAN service via Site-to-Site VPN, Point-to-Site (User VPN) or ExpressRoute. Likewise, any additional vNets can be connected to it, so we no longer need individual peering connections to link these sites.
The following table shows the configurations available for each Virtual WAN type:

| Virtual WAN type | Hub type | Available configurations |
|---|---|---|
| Basic | Basic | Site-to-Site VPN only |
| Standard | Standard | ExpressRoute; User VPN (Point-to-Site); VPN (Site-to-Site); inter-hub and VNet-to-VNet transit through the virtual hub; Azure Firewall; NVA in a virtual WAN |
Go to the Azure Marketplace, search for Virtual WAN and provide the following details:
- Name – virtual wan
- Resource Group
- Region
- Type – Standard or Basic. Choosing Basic restricts the hub to Site-to-Site VPN only (see the table above), so if we want Point-to-Site and ExpressRoute as well we must select Standard.
Review all settings and click Create.
Review the resources created; we can now see the Virtual WAN being deployed.
All connections attach to the hub. From the Virtual WAN, go to the Hubs section and click New Hub.
Provide the following details:
- Name – virtual hub
- Resource Group
- Region
- Hub address space – this range is required by the hub gateways and is assigned to the managed compute infrastructure running behind them
- Virtual hub capacity – expressed in scale units, where a scale unit represents the bandwidth needed
We now see the option to create the VPN gateways and link them to the hub. In this demo we will go with a Point-to-Site configuration.
Choose the option to create a Site-to-Site connection. The AS number is populated automatically, the scale unit is the bandwidth needed, and under routing preference we select Microsoft Network.
On the next screen, choose the option to create a Point-to-Site connection.
Provide the following details for the User VPN configuration:
- Name – p2p config
- Tunnel type – IKEv2 VPN
Paste the certificate data in the section shown.
Client address pool – the address range from which clients connecting to the Point-to-Site VPN are assigned an IP.
Click Review and Create to create the User VPN configuration.
Click Review and Create again to create the virtual hub.
The deployment of the virtual hub takes around 40 minutes.
Our virtual hub is now ready.
Wait for the Routing Status to show as Complete.
Connect existing vNets to your Virtual WAN
The advantage of Azure Virtual WAN is that we no longer need to create individual peering connections. To add existing vNets to the Virtual WAN, go to Add Connections and enter the following:
- Name of the connection
- Hub – the virtual hub
- Virtual Network – the vNet we are linking to the hub
Under Routing Configuration, we leave the default settings.
Our Cloud VPC peering connection is added to the Virtual WAN.
Likewise, I have also linked our Home VPC to the Virtual WAN.
A summary of our virtual connections is shown.
If we now look at the vNet's peerings, we can see it is connected to the virtual WAN.
From our home PC, we will be able to reach the web server installed on the cloud VM.
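The same build-out as a repeatable script is a useful companion to the portal walkthrough above. This is an added example, not code from the original post: it uses the Azure CLI "virtual-wan" extension, and the resource names, address ranges, certificate path and subscription id are constructed placeholders (the `routingState` property polled at the end is what the portal shows as Routing Status; confirm flag names against `az network vhub create --help` for your CLI version).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): the portal steps above, scripted with
# the Azure CLI "virtual-wan" extension (az extension add --name virtual-wan).
set -eu
AZ="${AZ:-az}"                             # set AZ=echo to dry-run the commands
RG="${RG:-rg-vwan-demo}"                   # constructed placeholder values below
LOC="${LOC:-uksouth}"
VWAN="vwan-demo"
HUB="hub-demo"
HUB_PREFIX="10.100.0.0/24"                 # hub address space for the managed gateways
P2S_POOL="172.16.10.0/24"                  # client address pool handed to User VPN clients
ROOT_CERT="${ROOT_CERT:-./p2s-root.cer}"   # base64 public data of the root cert only

create_wan_and_hub() {
  # Standard SKU: Basic would give us Site-to-Site VPN only (see the table above).
  "$AZ" network vwan create -g "$RG" -n "$VWAN" -l "$LOC" --type Standard
  "$AZ" network vhub create -g "$RG" -n "$HUB" -l "$LOC" --vwan "$VWAN" \
    --address-prefix "$HUB_PREFIX" --sku Standard
}

create_gateways() {
  # Site-to-Site gateway; one scale unit is 500 Mbps of aggregate throughput.
  "$AZ" network vpn-gateway create -g "$RG" -n "vpngw-$HUB" --vhub "$HUB" --scale-unit 1
  # User VPN (Point-to-Site) configuration: IKEv2 tunnel, certificate authentication.
  "$AZ" network vpn-server-config create -g "$RG" -n "p2s-config" \
    --vpn-protocols IkeV2 --auth-types Certificate --vpn-client-root-certs "$ROOT_CERT"
  "$AZ" network p2s-vpn-gateway create -g "$RG" -n "p2sgw-$HUB" --vhub "$HUB" \
    --scale-unit 1 --vpn-server-config "p2s-config" --address-space "$P2S_POOL"
}

# Hub connection instead of a hand-made peering: $1 = connection name, $2 = vNet resource id
connect_vnet() {
  "$AZ" network vhub connection create -g "$RG" --vhub-name "$HUB" -n "$1" --remote-vnet "$2"
}

# The hub's Routing Status must finish provisioning before connections carry traffic
wait_for_routing() {
  until [ "$("$AZ" network vhub show -g "$RG" -n "$HUB" --query routingState -o tsv)" = "Provisioned" ]; do
    sleep 60
  done
}

deploy_all() {
  create_wan_and_hub
  create_gateways
  wait_for_routing
  connect_vnet "conn-cloud-vnet" \
    "/subscriptions/<subscription-id>/resourceGroups/$RG/providers/Microsoft.Network/virtualNetworks/vnet-cloud"
}
if [ "${VWAN_DEPLOY:-0}" = 1 ]; then deploy_all; fi   # VWAN_DEPLOY=1 ./vwan.sh runs it
```

Run it first with `AZ=echo VWAN_DEPLOY=1` to review every command before it touches the subscription.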
Azure Virtual WAN Hub – Point-to-Site connections
Our Point-to-Site connections can be seen under User VPN Config.
Download the VPN client
Download the VPN client and install it on your PC.
Our Point-to-Site connection is now established through the Azure Virtual WAN, so let's ping the peer VM's private IP.