
Tutorial: Create a Site-to-Site connection using Azure Virtual WAN

This tutorial shows you how to use Virtual WAN to connect to your resources in Azure over an IPsec/IKE (IKEv1 and IKEv2) VPN connection. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. For more information about Virtual WAN, see the Virtual WAN Overview.

In this tutorial you learn how to:

  • Create a virtual WAN
  • Create a hub
  • Create a site
  • Connect a site to a hub
  • Connect a VPN site to a hub
  • Connect a VNet to a hub
  • Download a configuration file
  • View your virtual WAN

Note

If you have many sites, you typically would use a Virtual WAN partner to create this configuration. However, you can create this configuration yourself if you are comfortable with networking and proficient at configuring your own VPN device.

Before you begin

Verify that you have met the following criteria before beginning your configuration:

  • You have a virtual network that you want to connect to. Verify that none of the subnets of your on-premises networks overlap with the virtual networks that you want to connect to. To create a virtual network in the Azure portal, see the Quickstart.

  • Your virtual network does not have any virtual network gateways. If your virtual network has a gateway (either VPN or ExpressRoute), you must remove all gateways. This configuration requires that virtual networks are connected to the Virtual WAN hub gateway instead.

  • Obtain an IP address range for your hub region. The hub is a virtual network that is created and used by Virtual WAN. The address range that you specify for the hub cannot overlap with any of the existing virtual networks that you connect to. It also cannot overlap with the address ranges that you connect to on-premises. If you are unfamiliar with the IP address ranges in your on-premises network configuration, coordinate with someone who can provide those details for you.

  • If you don't have an Azure subscription, create a free account.

Create a virtual WAN

From a browser, navigate to the Azure portal and sign in with your Azure account.

  1. Navigate to the Virtual WAN page. In the portal, click +Create a resource. Type Virtual WAN into the search box and select Enter.

  2. Select Virtual WAN from the results. On the Virtual WAN page, click Create to open the Create WAN page.

  3. On the Create WAN page, on the Basics tab, fill in the following fields:

    • Subscription - Select the subscription that you want to use.
    • Resource group - Create new or use existing.
    • Resource group location - Choose a resource location from the dropdown. A WAN is a global resource and does not live in a particular region. However, you must select a region in order to more easily manage and locate the WAN resource that you create.
    • Name - Type the name that you want to call your WAN.
    • Type - Basic or Standard. If you create a Basic WAN, you can create only a Basic hub. Basic hubs are capable of VPN site-to-site connectivity only.
  4. After you finish filling out the fields, select Review + Create.

  5. Once validation passes, select Create to create the virtual WAN.

Create a hub

A hub is a virtual network that can contain gateways for site-to-site, ExpressRoute, or point-to-site functionality. Once the hub is created, you'll be charged for the hub, even if you don't attach any sites. It takes 30 minutes to create the site-to-site VPN gateway in the virtual hub.

  1. Locate the Virtual WAN that you created. On the Virtual WAN page, under the Connectivity section, select Hubs.

  2. On the Hubs page, select +New Hub to open the Create virtual hub page.

  3. On the Create virtual hub page Basics tab, complete the following fields:

    Project details

    • Region (previously referred to as Location)
    • Name
    • Hub private address space. The minimum address space is /24 to create a hub, which implies that any range from /25 to /32 will produce an error during creation.
  4. Select Next: Site-to-site.

  5. On the Site-to-site tab, complete the following fields:

    • Select Yes to create a Site-to-site VPN.
    • The AS Number field is not editable in the virtual hub at this time.
    • Select the Gateway scale units value from the dropdown. The scale unit lets you pick the aggregate throughput of the VPN gateway being created in the virtual hub to connect sites to. If you pick 1 scale unit = 500 Mbps, it implies that two instances for redundancy will be created, each having a maximum throughput of 500 Mbps. For example, if you had five branches, each doing 10 Mbps at the branch, you will need an aggregate of 50 Mbps at the head end. Planning for aggregate capacity of the Azure VPN gateway should be done after assessing the capacity needed to support the number of branches to the hub.
  6. Select Review + Create to validate.

  7. Select Create to create the hub. After 30 minutes, Refresh to view the hub on the Hubs page. Select Go to resource to navigate to the resource.

Create a site

You are now ready to create the sites corresponding to your physical locations. Create as many sites as you need that correspond to your physical locations. For example, if you have a branch office in NY, a branch office in London, and a branch office in LA, you'd create three separate sites. These sites contain your on-premises VPN device endpoints. You can create up to 1000 sites per Virtual Hub in a Virtual WAN. If you had multiple hubs, you can create 1000 per each of those hubs. If you have a Virtual WAN partner CPE device, check with them to learn about their automation to Azure. Typically, automation implies a simple click experience to export large-scale branch information into Azure and to set up connectivity from the CPE to the Azure Virtual WAN VPN gateway. For more information, see Automation guidance from Azure to CPE partners.

  1. On the portal page for your virtual WAN, in the Connectivity section, select VPN sites to open the VPN sites page.

  2. On the VPN sites page, click +Create site.

  3. On the Create VPN Site page, on the Basics tab, complete the following fields:

    • Region - Previously referred to as location. This is the location you want to create this site resource in.
    • Name - The name by which you want to refer to your on-premises site.
    • Device vendor - The name of the VPN device vendor (for example: Citrix, Cisco, Barracuda). Doing so can help the Azure Team better understand your environment to add additional optimization possibilities in the future, or to help you troubleshoot.
    • Border Gateway Protocol - Enable implies all connections from the site will be BGP enabled. You will eventually set up the BGP information for each link from the VPN Site in the Links section. Configuring BGP on a Virtual WAN is equivalent to configuring BGP on an Azure virtual network gateway VPN. Your on-premises BGP peer address must not be the same as the public IP address of your VPN device or the VNet address space of the VPN site. Use a different IP address on the VPN device for your BGP peer IP. It can be an address assigned to the loopback interface on the device. However, it cannot be an APIPA (169.254.x.x) address. Specify this address in the corresponding VPN site representing the location. For BGP prerequisites, see About BGP with Azure VPN Gateway. You can always edit a VPN connection to update its BGP parameters (Peering IP on the link and the AS #) once the VPN Site BGP setting is enabled.
    • Private address space - The IP address space that is located on your on-premises site. Traffic destined for this address space is routed to your local site. This is required when BGP is not enabled for the site.
    • Hubs - The hub that you want your Site to connect to. A site can only be connected to the hubs that have a VPN Gateway. If you do not see a hub, create a VPN gateway in that hub first.
  4. Select Links to add information about the physical links at the branch. If you have a Virtual WAN partner CPE device, check with them to see if this information is exchanged with Azure as a part of the branch information upload set up from their systems.

    • Link Name - A name you want to provide for the physical link at the VPN Site. Example: mylink1.
    • Provider Name - The name of the physical link at the VPN Site. Example: ATT, Verizon.
    • Speed - This is the speed of the VPN device at the branch location. Example: 50, which means 50 Mbps is the speed of the VPN device at the branch site.
    • IP Address - Public IP address of the on-premises device using this link. Optionally, you can provide the private IP address of your on-premises VPN device that is behind ExpressRoute.
  5. You can use the checkbox to delete or add additional links. Four links per VPN Site are supported. For example, if you have four ISPs (Internet service providers) at the branch location, you can create four links, one per ISP, and provide the information for each link.

  6. Once you have finished filling out the fields, select Review + create to verify and create the site.

  7. View the status on the VPN sites page. The site will go to Connection Needed because the site has not yet been connected to the hub.
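
The address rules from "Before you begin", the hub's /24 minimum and the BGP peer address rules above can be checked before anything is created in the portal. The following Python sketch is an added example, not part of the original tutorial; the function name, the dictionary keys and the sample addresses are assumptions made for illustration.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")


def check_address_plan(hub_space, vnet_spaces, site):
    """Return a list of problems in a planned hub / VNet / site layout.

    `site` is a dict with hypothetical keys: name, public_ip, bgp_enabled,
    bgp_peer_ip and private_spaces (list of on-premises CIDRs).
    """
    problems = []
    hub = ipaddress.ip_network(hub_space)
    vnets = [ipaddress.ip_network(c) for c in vnet_spaces]
    onprem = [ipaddress.ip_network(c) for c in site.get("private_spaces", [])]

    # Hub creation fails for anything smaller than a /24 (/25 to /32).
    if hub.prefixlen > 24:
        problems.append(f"hub {hub} is smaller than /24")

    # The hub range may not overlap connected VNets or on-premises ranges.
    for net in vnets + onprem:
        if hub.overlaps(net):
            problems.append(f"hub {hub} overlaps {net}")

    # On-premises subnets may not overlap the VNets being connected.
    for local in onprem:
        for vnet in vnets:
            if local.overlaps(vnet):
                problems.append(f"on-premises {local} overlaps VNet {vnet}")

    if site.get("bgp_enabled"):
        peer = site.get("bgp_peer_ip")
        if not peer:
            problems.append("BGP is enabled but no BGP peer address is set")
        else:
            peer_ip = ipaddress.ip_address(peer)
            # The peer address cannot be APIPA (169.254.x.x) ...
            if peer_ip in APIPA:
                problems.append(f"BGP peer {peer_ip} is an APIPA address")
            # ... and cannot be the device's public tunnel endpoint.
            if peer_ip == ipaddress.ip_address(site["public_ip"]):
                problems.append("BGP peer equals the device public IP")
    elif not onprem:
        # Without BGP the private address space is the only routing input.
        problems.append("private address space is required when BGP is off")
    return problems


# Constructed sample plans (RFC 1918 and documentation addresses only).
GOOD_SITE = {"name": "branch1", "public_ip": "203.0.113.10",
             "bgp_enabled": True, "bgp_peer_ip": "192.168.10.1",
             "private_spaces": ["192.168.10.0/24"]}
BAD_SITE = {"name": "branch2", "public_ip": "203.0.113.10",
            "bgp_enabled": True, "bgp_peer_ip": "169.254.21.1",
            "private_spaces": ["10.2.5.0/24"]}

if __name__ == "__main__":
    print(check_address_plan("10.1.0.0/24", ["10.2.0.0/16", "10.3.0.0/16"],
                             GOOD_SITE))
    for problem in check_address_plan("10.2.0.0/25", ["10.2.0.0/16"], BAD_SITE):
        print("PROBLEM:", problem)
```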

Connect the VPN site to the hub

In this step, you connect your VPN site to the hub.

  1. Select Connect VPN Sites to open the Connect sites page.

    Complete the following fields:

    • Enter a pre-shared key. If you don't enter a key, Azure autogenerates one for you.
    • Select the Protocol and IPsec settings. Refer to default/custom IPsec details (https://docs.microsoft.com/azure/virtual-wan/virtual-wan-ipsec).
    • Select the appropriate option for Propagate Default Route. The Enable option allows the virtual hub to propagate a learned default route to this connection. This flag enables default route propagation to a connection only if the default route is already learned by the Virtual WAN hub as a result of deploying a firewall in the hub, or if another connected site has forced tunneling enabled. The default route does not originate in the Virtual WAN hub.
  2. Select Connect.

  3. In a few minutes, the site will show the connection and connectivity status.

    Connection Status: This is the status of the Azure resource for the connection that connects the VPN Site to the Azure hub's VPN gateway. Once this control plane operation is successful, the Azure VPN gateway and the on-premises VPN device will proceed to establish connectivity.

    Connectivity Status: This is the actual connectivity (data path) status between Azure's VPN gateway in the hub and the VPN Site. It can show any of the following states:

    • Unknown: This state is typically seen if the backend systems are working to transition to another status.
    • Connecting: Azure VPN gateway is trying to reach out to the actual on-premises VPN site.
    • Connected: Connectivity is established between Azure VPN gateway and on-premises VPN site.
    • Disconnected: This status is seen if, for any reason (on-premises or in Azure), the connection was disconnected.
  4. Within a hub VPN site, you can additionally do the following:

    • Edit or delete the VPN Connection.
    • Delete the site in the Azure portal.
    • Download a branch-specific configuration for details about the Azure side using the context (…) menu next to the site. If you want to download the configuration for all connected sites in your hub, select Download VPN Config on the top menu.

Connect the VNet to the hub

In this step, you create the connection between your hub and a VNet. Repeat these steps for each VNet that you want to connect.

  1. On the page for your virtual WAN, click Virtual network connections.

  2. On the virtual network connection page, click +Add connection.

  3. On the Add connection page, fill in the following fields:

    • Connection name - Name your connection.
    • Hubs - Select the hub you want to associate with this connection.
    • Subscription - Verify the subscription.
    • Virtual network - Select the virtual network you want to connect to this hub. The virtual network cannot have an already existing virtual network gateway.
  4. Click OK to create the virtual network connection.

Download VPN configuration

Use the VPN device configuration to configure your on-premises VPN device.

  1. On the page for your virtual WAN, click Overview.
  2. At the top of the Hub ->VPNSite page, click Download VPN config. Azure creates a storage account in the resource group 'microsoft-network-[location]', where location is the location of the WAN. After you have applied the configuration to your VPN devices, you can delete this storage account.
  3. Once the file has finished creating, you can click the link to download it.
  4. Apply the configuration to your on-premises VPN device.

Understanding the VPN device configuration file

The device configuration file contains the settings to use when configuring your on-premises VPN device. When you view this file, notice the following information:

  • vpnSiteConfiguration - This section denotes the device details set up as a site connecting to the virtual WAN. It includes the name and public IP address of the branch device.

  • vpnSiteConnections - This section provides information about the following settings:

    • Address space of the virtual hub(s) VNet
      Example:

      "AddressSpace":"10.1.0.0/24"

    • Address space of the VNets that are connected to the hub
      Example:

      "ConnectedSubnets":["10.2.0.0/16","10.3.0.0/16"]

    • IP addresses of the virtual hub vpngateway. Because each connection of the vpngateway is composed of two tunnels in active-active configuration, you'll see both IP addresses listed in this file. In this example, you see "Instance0" and "Instance1" for each site.
      Example:

      "Instance0":"104.45.18.186"
      "Instance1":"104.45.13.195"

    • Vpngateway connection configuration details such as BGP, pre-shared key, etc. The PSK is the pre-shared key that is automatically generated for you. You can always edit the connection in the Overview page for a custom PSK.

Example device configuration file

[
   {
      "configurationVersion":{
         "LastUpdatedTime":"2018-07-03T18:29:49.8405161Z",
         "Version":"r403583d-9c82-4cb8-8570-1cbbcd9983b5"
      },
      "vpnSiteConfiguration":{
         "Name":"testsite1",
         "IPAddress":"73.239.3.208"
      },
      "vpnSiteConnections":[
         {
            "hubConfiguration":{
               "AddressSpace":"10.1.0.0/24",
               "Region":"West Europe",
               "ConnectedSubnets":[
                  "10.2.0.0/16",
                  "10.3.0.0/16"
               ]
            },
            "gatewayConfiguration":{
               "IpAddresses":{
                  "Instance0":"104.45.18.186",
                  "Instance1":"104.45.13.195"
               }
            },
            "connectionConfiguration":{
               "IsBgpEnabled":false,
               "PSK":"bkOWe5dPPqkx0DfFE3tyuP7y3oYqAEbI",
               "IPsecParameters":{
                  "SADataSizeInKilobytes":102400000,
                  "SALifeTimeInSeconds":3600
               }
            }
         }
      ]
   },
   {
      "configurationVersion":{
         "LastUpdatedTime":"2018-07-03T18:29:49.8405161Z",
         "Version":"1f33f891-e1ab-42b8-8d8c-c024d337bcac"
      },
      "vpnSiteConfiguration":{
         "Name":" testsite2",
         "IPAddress":"66.193.205.122"
      },
      "vpnSiteConnections":[
         {
            "hubConfiguration":{
               "AddressSpace":"10.1.0.0/24",
               "Region":"West Europe"
            },
            "gatewayConfiguration":{
               "IpAddresses":{
                  "Instance0":"104.45.18.187",
                  "Instance1":"104.45.13.195"
               }
            },
            "connectionConfiguration":{
               "IsBgpEnabled":false,
               "PSK":"XzODPyAYQqFs4ai9WzrJour0qLzeg7Qg",
               "IPsecParameters":{
                  "SADataSizeInKilobytes":102400000,
                  "SALifeTimeInSeconds":3600
               }
            }
         }
      ]
   },
   {
      "configurationVersion":{
         "LastUpdatedTime":"2018-07-03T18:29:49.8405161Z",
         "Version":"cd1e4a23-96bd-43a9-93b5-b51c2a945c7"
      },
      "vpnSiteConfiguration":{
         "Name":" testsite3",
         "IPAddress":"182.71.123.228"
      },
      "vpnSiteConnections":[
         {
            "hubConfiguration":{
               "AddressSpace":"10.1.0.0/24",
               "Region":"West Europe"
            },
            "gatewayConfiguration":{
               "IpAddresses":{
                  "Instance0":"104.45.18.187",
                  "Instance1":"104.45.13.195"
               }
            },
            "connectionConfiguration":{
               "IsBgpEnabled":false,
               "PSK":"YLkSdSYd4wjjEThR3aIxaXaqNdxUwSo9",
               "IPsecParameters":{
                  "SADataSizeInKilobytes":102400000,
                  "SALifeTimeInSeconds":3600
               }
            }
         }
      ]
   }
]
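
The configuration file carries each connection's pre-shared key in clear text, so it helps to extract only what the on-premises device needs and to redact the key before the file is attached to a ticket or stored. The Python sketch below is an added example, not Microsoft tooling; the function name and the sample values are constructed, and it assumes the per-site entries are wrapped in one JSON array.

```python
import json

# Constructed sample in the shape of the example file (placeholder PSKs,
# documentation IP addresses; the second site lists only one gateway instance).
SAMPLE = """
[
 {"vpnSiteConfiguration": {"Name": "branch-a", "IPAddress": "203.0.113.10"},
  "vpnSiteConnections": [{
    "hubConfiguration": {"AddressSpace": "10.1.0.0/24",
                         "ConnectedSubnets": ["10.2.0.0/16", "10.3.0.0/16"]},
    "gatewayConfiguration": {"IpAddresses": {"Instance0": "198.51.100.1",
                                             "Instance1": "198.51.100.2"}},
    "connectionConfiguration": {"IsBgpEnabled": false,
                                "PSK": "EXAMPLE-PSK-ONE"}}]},
 {"vpnSiteConfiguration": {"Name": " branch-b", "IPAddress": "203.0.113.20"},
  "vpnSiteConnections": [{
    "hubConfiguration": {"AddressSpace": "10.1.0.0/24"},
    "gatewayConfiguration": {"IpAddresses": {"Instance0": "198.51.100.1"}},
    "connectionConfiguration": {"IsBgpEnabled": false,
                                "PSK": "EXAMPLE-PSK-ONE"}}]}
]
"""


def summarize(config_text):
    """Return (tunnels, findings, redacted_json) for a device config file."""
    sites = json.loads(config_text)
    tunnels, findings, psk_users = [], [], {}
    for site in sites:
        # Site names in the file can carry stray whitespace.
        name = site["vpnSiteConfiguration"]["Name"].strip()
        device_ip = site["vpnSiteConfiguration"]["IPAddress"]
        for conn in site["vpnSiteConnections"]:
            hub = conn["hubConfiguration"]
            # Azure-side prefixes the device must send into the tunnels.
            remote = [hub["AddressSpace"]] + hub.get("ConnectedSubnets", [])
            peers = conn["gatewayConfiguration"]["IpAddresses"]
            settings = conn["connectionConfiguration"]
            # One tunnel per gateway instance (active-active pair).
            for inst in ("Instance0", "Instance1"):
                if inst in peers:
                    tunnels.append({"site": name, "local": device_ip,
                                    "peer": peers[inst], "remote": remote,
                                    "bgp": settings["IsBgpEnabled"]})
                else:
                    findings.append(f"{name}: {inst} missing, no redundancy")
            psk = settings.get("PSK")
            if psk:
                psk_users.setdefault(psk, []).append(name)
                settings["PSK"] = "<redacted>"  # never leaves this function
    for users in psk_users.values():
        if len(users) > 1:
            findings.append("PSK shared by sites: " + ", ".join(users))
    return tunnels, findings, json.dumps(sites, indent=2)


if __name__ == "__main__":
    tunnels, findings, redacted = summarize(SAMPLE)
    for t in tunnels:
        print(t["site"], t["local"], "->", t["peer"], t["remote"])
    for f in findings:
        print("FINDING:", f)
```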

Configuring your VPN device

Note

If you are working with a Virtual WAN partner solution, VPN device configuration happens automatically. The device controller obtains the configuration file from Azure and applies it to the device to set up the connection to Azure. This means you don't need to know how to manually configure your VPN device.

If you need instructions to configure your device, you can use the instructions on the VPN device configuration scripts page with the following caveats:

  • The instructions on the VPN devices page are not written for Virtual WAN, but you can use the Virtual WAN values from the configuration file to manually configure your VPN device.
  • The downloadable device configuration scripts that are for VPN Gateway do not work for Virtual WAN, as the configuration is different.
  • A new Virtual WAN can support both IKEv1 and IKEv2.
  • Virtual WAN can use both policy-based and route-based VPN devices and device instructions.

View your virtual WAN

  1. Navigate to the virtual WAN.
  2. On the Overview page, each point on the map represents a hub. Hover over any point to view the hub health summary, connection status, and bytes in and out.
  3. In the Hubs and connections section, you can view hub status, VPN sites, etc. You can click on a specific hub name and navigate to the VPN Site for additional details.

Next steps

To learn more about Virtual WAN, see the Virtual WAN Overview page.