Quickstart: Create a virtual network using the Azure portal

In this quickstart, you learn how to create a virtual network using the Azure portal. You deploy two virtual machines (VMs). Next, you securely communicate between VMs and connect to VMs from the internet. A virtual network is the fundamental building block for your private network in Azure. It enables Azure resources, like VMs, to securely communicate with each other and with the internet.

Prerequisites

Sign in to Azure

Sign in to the Azure portal.

Create a virtual network

  1. Select Create a resource in the upper left-hand corner of the portal.

  2. In the search box, enter Virtual Network. Select Virtual Network in the search results.

  3. In the Virtual Network page, select Create.

  4. In Create virtual network, enter or select this information in the Basics tab:

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select Create new.
    Enter myResourceGroup.
    Select OK.
    Instance details
    Name Enter myVNet.
    Region Select (US) East US.

    Create virtual network Azure portal

  5. Select the IP Addresses tab, or select the Next: IP Addresses button at the bottom of the page.

  6. In IPv4 address space, select the existing address space and change it to 10.1.0.0/16.

  7. Select + Add subnet, then enter MySubnet for Subnet name and 10.1.0.0/24 for Subnet address range.

  8. Select Add.

  9. Select the Security tab, or select the Next: Security button at the bottom of the page.

  10. Under BastionHost, select Enable. Enter this information:

    Setting Value
    Bastion name Enter myBastionHost
    AzureBastionSubnet address space Enter 10.1.1.0/24
    Public IP Address Select Create new.
    For Name, enter myBastionIP.
    Select OK.
  11. Select the Review + create tab or select the Review + create button.

  12. Select Create.

Create virtual machines

Create two VMs in the virtual network:

Create the first VM

  1. On the upper-left side of the portal, select Create a resource > Compute > Virtual machine.

  2. In Create a virtual machine, type or select the values in the Basics tab:

    Setting Value
    Project Details
    Subscription Select your Azure subscription
    Resource Group Select myResourceGroup
    Instance details
    Virtual machine name Enter myVM1
    Region Select (US) East US
    Availability Options Select No infrastructure redundancy required
    Image Select Windows Server 2019 Datacenter
    Azure Spot instance Select No
    Size Choose VM size or take default setting
    Administrator account
    Username Enter a username
    Password Enter a password
    Confirm password Reenter password
    Inbound port rules
    Public inbound ports Select None.
  3. Select the Networking tab, or select Next: Disks, then Next: Networking.

  4. In the Networking tab, select or enter:

    Setting Value
    Network interface
    Virtual network Select myVNet.
    Subnet Select mySubnet
    Public IP Select None
    NIC network security group Select Basic
    Public inbound ports network Select None.
  5. Select the Review + create tab, or select the blue Review + create button at the bottom of the page.

  6. Review the settings, and then select Create.

Create the second VM

  1. On the upper-left side of the portal, select Create a resource > Compute > Virtual machine.

  2. In Create a virtual machine, type or select the values in the Basics tab:

    Setting Value
    Project Details
    Subscription Select your Azure subscription
    Resource Group Select myResourceGroup
    Instance details
    Virtual machine name Enter myVM2
    Region Select (US) East US
    Availability Options Select No infrastructure redundancy required
    Image Select Windows Server 2019 Datacenter
    Azure Spot instance Select No
    Size Choose VM size or take default setting
    Administrator account
    Username Enter a username
    Password Enter a password
    Confirm password Reenter password
    Inbound port rules
    Public inbound ports Select None.
  3. Select the Networking tab, or select Next: Disks, then Next: Networking.

  4. In the Networking tab, select or enter:

    Setting Value
    Network interface
    Virtual network Select myVNet.
    Subnet Select mySubnet
    Public IP Select None
    NIC network security group Select Basic
    Public inbound ports network Select None.
  5. Select the Review + create tab, or select the blue Review + create button at the bottom of the page.

  6. Review the settings, and then select Create.

Note

Azure provides an default outbound access IP for Azure Virtual Machines which aren't assigned a public IP address, or are in the backend pool of an internal Basic Azure Load Balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.

The default outbound access IP is disabled when a public IP address is assigned to the virtual machine or the virtual machine is placed in the backend pool of a Standard Load Balancer with or without outbound rules. If a Azure Virtual Network NAT gateway resource is assigned to the subnet of the virtual machine, the default outbound access IP is disabled.

For more information on outbound connections in Azure, see Using Source Network Address Translation (SNAT) for outbound connections.

Connect to myVM1

  1. Go to the Azure portal to manage your private VM. Search for and select Virtual machines.

  2. Pick the name of your private virtual machine myVM1.

  3. In the VM menu bar, select Connect, then select Bastion.

    Connect to myVM1 with Azure Bastion

  4. In the Connect page, select the blue Use Bastion button.

  5. In the Bastion page, enter the username and password you created for the virtual machine previously.

  6. Select Connect.

Communicate between VMs

  1. In the bastion connection of myVM1, open PowerShell.

  2. Enter ping myvm2.

    You'll receive a message similar to this output:

    Pinging myvm2.cs4wv3rxdjgedggsfghkjrxuqf.bx.internal.cloudapp.net [10.1.0.5] with 32 bytes of data:
    Reply from 10.1.0.5: bytes=32 time=3ms TTL=128
    Reply from 10.1.0.5: bytes=32 time=1ms TTL=128
    Reply from 10.1.0.5: bytes=32 time=1ms TTL=128
    Reply from 10.1.0.5: bytes=32 time=1ms TTL=128
    
    Ping statistics for 10.1.0.5:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 3ms, Average = 1ms
    
  3. Close the bastion connection to myVM1.

  4. Complete the steps in Connect to myVM1, but connect to myVM2.

  5. Open PowerShell on myVM2, enter ping myvm1.

    You'll receive something like this message:

    Pinging myvm1.cs4wv3rxdjgedggsfghkjrxuqf.bx.internal.cloudapp.net [10.1.0.4] with 32 bytes of data:
    Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
    Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
    Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
    Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
    
    Ping statistics for 10.1.0.4:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms
    
  6. Close the bastion connection to myVM2.

Clean up resources

In this quickstart, you created a default virtual network and two VMs.

You connected to one VM from the internet and securely communicated between the two VMs.

When you're done using the virtual network and the VMs, delete the resource group and all of the resources it contains:

  1. Search for and select myResourceGroup.

  2. Select Delete resource group.

  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and select Delete.

Next steps

To learn more about virtual network settings, see Create, change, or delete a virtual network.

To learn more about types of VM network communications, see Filter network traffic.