On-Premises Network connectivity to Microsoft Azure VNets

On-Premises Network connectivity to Microsoft Azure VNets

Cross-Premises Azure Virtual Network

A Cross-Premises Azure Virtual Network is connected to your On-Premises Network, extending your network to include subnets and virtual machine hosted in Azure.

In Order to connect your On-Premises network to Azure Virtual Machine, you should configure a cross-Premises Azure Virtual Network.

Below diagram shows the components required to deploy the Cross-Premises Azure Virtual Network with a Virtual machine in Azure.

In above figure, Two networks are connected via Site-to-Site VPN Connection over Public Internet. VPN is terminated on VPN Device on On-Premises Network and Azure VPN gateway on Azure Virtual Network.

In Order to set up the VPN Connection between your Azure Virtual network and On-premises network, you must follow the following steps:

  • On-Premises: Define and Create an On-Premises Network route for subnets of the Azure Virtual network that points to your On-Premises VPN Device.
  • Microsoft-Azure: Create an Azure Virtual Network with a Site-to-Site VPN Connection.
  • On-Premises: Configure your On-Premises Hardware or Software VPN device to terminate the VPN Connection, which uses Internet Protocol Security (IPsec).

Once Site-to-Site VPN is established, you can add Azure Virtual machine to subnets of the Virtual network.

How to Plan your Azure Virtual network


  • You must have an Azure Subscription.
  • An Available IPV4 address Space (Subnets) for Azure VNet.
  • An Available VPN device in your On-Premises network to terminate the Site-to-Site VPN Connection that supports requirements of IPsec.
  • Change your Routing Infrastructure so that traffic routed to the address space of Azure Virtual network gets forwarded to VPN device that hosts the Site-To-Site VPN Connection.
  • A Web-Proxy that routes On-Premises Computers and Azure VNet access to Internet.

Solution Architecture Design Assumption

This Solution uses Single Azure VNet with Site-to-Site VPN Connection. Single VNet uses a single subnet that host multiple Virtual Machine.

You should use Routing and remote Access Service (RRAS) in Windows Server 2016 or Windows Server 2012 to establish an IPsec site-to-site VPN connection between On-Premises network and the Azure Virtual network. You can use other option like Cisco, Juniper VPN device.

On-Premises Network might have services like Active Directory domain service ,  Domain Name System, Proxy Servers. Based on your requirement , it can be useful to place some of the these service in Azure VNet.

Plan Routing for Azure VNet

On-Premises Network must be configured to route traffic destined for Azure Vnet Subnets towards VPN device hosted on On-Premises Network.


    You are will be the first.


Please login here to comment.