Exercise: Resolve site-to-site VPN gateway connection


Important

You need your own Azure subscription to complete the exercises in this module. If you don't have an Azure subscription, you can still view the demonstration video in the preceding unit.

You've explored the possible reasons why your two machines can't connect to each other. You found that the shared key for the two connections is different.

In this exercise, you'll see how to change the shared key on a VPN gateway connection, and then test that this has resolved the issue. If you have not already run the script in unit 2, please do so now so you can follow the exercise below.

Change a gateway connection's shared key

Follow these steps to check the shared key for both VPN gateway connections:

  1. In the Azure portal, search for virtual network gateways, then under Services, select Virtual network gateways.

    Screenshot showing virtual gateway search.

  2. Select the first VPN gateway, Vnet1GW.

  3. Under Settings, select Connections.

    Screenshot showing all VNet-to-VNet connections.

  4. Select the first connection, VNet1-VNet2.

  5. Under Settings, select Shared key.

    Screenshot showing the first shared key.

  6. Copy the text in the Shared key (PSK).

  7. In the breadcrumb, select VNet1GW to return to the VPN gateway pane.

  8. Select the second connection, VNet2-VNet1.

    Screenshot showing the second vnet to vnet connection.

  9. Under Settings, select Shared key.

  10. Paste the value you copied into the Shared key (PSK). This is to make sure that the values match.
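The same change can be made from the Cloud Shell with the Azure CLI instead of the portal. The script below is an added example, not part of the original exercise: it assumes both connections are in one resource group (the name in the usage line is a placeholder), and it prints only a short fingerprint of each key so the PSK itself never appears on screen or in logs.

```shell
#!/usr/bin/env bash
# Added example: align the PSK of two VPN gateway connections with the Azure CLI.
# Assumption: both connections live in the same resource group.

# Read a connection's shared key (this is the secret; do not echo it to logs).
get_psk() {  # get_psk <resource-group> <connection-name>
  az network vpn-connection shared-key show \
    --resource-group "$1" --connection-name "$2" \
    --query value --output tsv
}

# Short SHA-256 fingerprint, so keys can be compared on screen without being shown.
psk_fingerprint() {  # psk_fingerprint <key>
  printf '%s' "$1" | sha256sum | cut -c1-12
}

# Copy the key of <source> onto <target> when they differ.
# Returns 0 if the keys already matched or were aligned, non-zero on failure.
sync_psk() {  # sync_psk <resource-group> <source-connection> <target-connection>
  local rg="$1" src="$2" dst="$3" src_key dst_key
  src_key=$(get_psk "$rg" "$src") || return 1
  dst_key=$(get_psk "$rg" "$dst") || return 1
  if [ -z "$src_key" ]; then
    echo "no shared key set on $src" >&2
    return 1
  fi
  echo "$src: $(psk_fingerprint "$src_key")  $dst: $(psk_fingerprint "$dst_key")"
  if [ "$src_key" = "$dst_key" ]; then
    echo "shared keys already match"
    return 0
  fi
  az network vpn-connection shared-key update \
    --resource-group "$rg" --connection-name "$dst" \
    --value "$src_key" --output none || return 1
  # Re-read the target to confirm the change took effect.
  [ "$(get_psk "$rg" "$dst")" = "$src_key" ] && echo "shared keys now match"
}

# Usage (the resource group name is a placeholder):
#   sync_psk "<resource-group>" VNet1-VNet2 VNet2-VNet1
```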

Test the issue is resolved

Repeat the steps you did in the previous exercise to see if the two VMs can connect to each other. Using the Cloud Shell on the right and the Azure portal, follow these steps:

  1. Open the Azure portal in a new tab.

  2. Search for virtual machines, then under Services, select Virtual machines.

    Screenshot showing search screen for virtual machines.

  3. From the list of VMs, select VM1.

    Screenshot showing the IP address of the first virtual machine.

  4. Make a note of the Public IP address and Private IP address.

  5. Repeat the last two steps for VM2 and note the Public IP address and Private IP address.

  6. On the right, in the Cloud Shell, connect to VM1 with SSH to the public IP address:

    
    ssh azureuser@<VM1 public IP address>
    
    

    Note

    Replace <VM1 public IP address> with the public IP address you noted for VM1.

  7. At the prompt, Are you sure you want to continue connecting (yes/no)? type yes.

  8. At the prompt for a password, type azur3Pa55w.rd.

  9. Your prompt should now be azureuser@VM1:~$.

  10. This means you have successfully connected to VM1.

  11. Ping the private IP address of VM2.

    
    ping <private IP address VM2>
    
    

    Note

    Replace <private IP address VM2> with the private IP address you noted for VM2.

    Screenshot showing the ping command working.

  12. If you have resolved the connection issue, you should see a response from VM2.