您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

配置 VNet 到 VNet 连接(经典)Configure a VNet-to-VNet connection (classic)

备注

本文为经典部署模型而写。This article is written for the classic deployment model. 如果不熟悉 Azure,建议改用资源管理器部署模型。If you're new to Azure, we recommend that you use the Resource Manager deployment model instead. 资源管理器部署模型是最新的部署模型,提供比经典部署模型更多的选项和更强的功能兼容性。The Resource Manager deployment model is the most current deployment model and offers more options and feature compatibility than the classic deployment model. 有关部署模型的详细信息,请参阅了解部署模型For more information about the deployment models, see Understanding deployment models.

若要查看本文的资源管理器版本,请从下面的下拉列表或左侧的目录中将其选中。For the Resource Manager version of this article, select it from the drop-down list below, or from the table of contents on the left.

本文介绍如何在虚拟网络之间创建 VPN 网关连接。This article helps you create a VPN gateway connection between virtual networks. 虚拟网络可以位于相同或不同的区域,也可以来自相同或不同的订阅。The virtual networks can be in the same or different regions, and from the same or different subscriptions. 本文中的步骤适用于经典部署模型和 Azure 门户。The steps in this article apply to the classic deployment model and the Azure portal. 也可使用不同的部署工具或部署模型来创建此配置,方法是从以下列表中选择另一选项:You can also create this configuration using a different deployment tool or deployment model by selecting a different option from the following list:

VNet 到 VNet 连接示意图

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

关于 VNet 到 VNet 的连接About VNet-to-VNet connections

在经典部署模型中使用 VPN 网关将一个虚拟网络连接到另一个虚拟网络(VNet 到 VNet)类似于将虚拟网络连接到本地站点位置。Connecting a virtual network to another virtual network (VNet-to-VNet) in the classic deployment model using a VPN gateway is similar to connecting a virtual network to an on-premises site location. 这两种连接类型都使用 VPN 网关来提供使用 IPsec/IKE 的安全隧道。Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE.

连接的 VNet 可位于不同的订阅和不同的区域中。The VNets you connect can be in different subscriptions and different regions. 可以将 VNet 到 VNet 通信与多站点配置组合使用。You can combine VNet to VNet communication with multi-site configurations. 这样,便可以建立将跨界连接与虚拟网络间连接相结合的网络拓扑。This lets you establish network topologies that combine cross-premises connectivity with inter-virtual network connectivity.

VNet 到 VNet 连接

为什么要连接虚拟网络?Why connect virtual networks?

你可能会出于以下原因而连接虚拟网络:You may want to connect virtual networks for the following reasons:

  • 跨区域地域冗余和地域存在Cross region geo-redundancy and geo-presence

    • 可以使用安全连接设置自己的异地复制或同步,而无需借助于面向 Internet 的终结点。You can set up your own geo-replication or synchronization with secure connectivity without going over Internet-facing endpoints.
    • 使用 Azure 负载均衡器和 Microsoft 或第三方群集技术,可以设置支持跨多个 Azure 区域实现地域冗余的高可用性工作负荷。With Azure Load Balancer and Microsoft or third-party clustering technology, you can set up highly available workload with geo-redundancy across multiple Azure regions. 一个重要的示例就是对分布在多个 Azure 区域中的可用性组设置 SQL Always On。One important example is to set up SQL Always On with Availability Groups spreading across multiple Azure regions.
  • 具有强大隔离边界的区域多层应用程序Regional multi-tier applications with strong isolation boundary

    • 在同一区域中,可以设置具有多个 VNet 的多层应用程序,这些虚拟网络相互连接在一起,但同时又能保持强大的隔离性,而且还能进行安全的层间通信。Within the same region, you can set up multi-tier applications with multiple VNets connected together with strong isolation and secure inter-tier communication.
  • 在 Azure 中跨订阅进行组织间通信Cross subscription, inter-organization communication in Azure

    • 如果有多个 Azure 订阅,可以在虚拟网络之间安全地将不同订阅中的工作负荷连接起来。If you have multiple Azure subscriptions, you can connect workloads from different subscriptions together securely between virtual networks.
    • 对于企业或服务提供商而言,可以在 Azure 中使用安全 VPN 技术启用跨组织通信。For enterprises or service providers, you can enable cross-organization communication with secure VPN technology within Azure.

有关 VNet 到 VNet 连接的详细信息,请参阅本文末尾的 VNet 到 VNet 注意事项For more information about VNet-to-VNet connections, see VNet-to-VNet considerations at the end of this article.

开始之前Before you begin

开始本练习之前,请下载和安装最新版本的 Azure 服务管理 (SM) PowerShell cmdlet。Before beginning this exercise, download and install the latest version of the Azure Service Management (SM) PowerShell cmdlets. 有关详细信息,请参阅如何安装和配置 Azure PowerShellFor more information, see How to install and configure Azure PowerShell. 使用门户即可执行大部分步骤,但必须使用 PowerShell 创建 VNet 之间的连接。We use the portal for most of the steps, but you must use PowerShell to create the connections between the VNets. 无法使用 Azure 门户创建此连接。You can't create the connections using the Azure portal.

步骤 1 - 规划 IP 地址范围Step 1 - Plan your IP address ranges

必须确定要用于配置虚拟网络的范围。It’s important to decide the ranges that you’ll use to configure your virtual networks. 对于此配置,必须确保 VNet 的范围不互相重叠,也不与它们连接到的任何本地网络重叠。For this configuration, you must make sure that none of your VNet ranges overlap with each other, or with any of the local networks that they connect to.

下表显示有关如何定义 VNet 的示例。The following table shows an example of how to define your VNets. 其中的范围仅供参考。Use the ranges as a guideline only. 请记下虚拟网络的范围。Write down the ranges for your virtual networks. 后面的步骤需要用到此信息。You need this information for later steps.

示例Example

虚拟网络Virtual Network 地址空间Address Space 区域Region 连接到本地网络站点Connects to local network site
TestVNet1TestVNet1 TestVNet1TestVNet1
(10.11.0.0/16)(10.11.0.0/16)
(10.12.0.0/16)(10.12.0.0/16)
美国东部East US VNet4LocalVNet4Local
(10.41.0.0/16)(10.41.0.0/16)
(10.42.0.0/16)(10.42.0.0/16)
TestVNet4TestVNet4 TestVNet4TestVNet4
(10.41.0.0/16)(10.41.0.0/16)
(10.42.0.0/16)(10.42.0.0/16)
美国西部West US VNet1LocalVNet1Local
(10.11.0.0/16)(10.11.0.0/16)
(10.12.0.0/16)(10.12.0.0/16)

步骤 2 - 创建虚拟网络Step 2 - Create the virtual networks

Azure 门户中创建两个虚拟网络。Create two virtual networks in the Azure portal. 有关创建经典虚拟网络的步骤,请参阅创建经典虚拟网络For the steps to create classic virtual networks, see Create a classic virtual network.

使用门户创建经典虚拟网络时,必须通过执行以下步骤导航到“虚拟网络”页面,否则不会显示用于创建经典虚拟网络的选项:When using the portal to create a classic virtual network, you must navigate to the virtual network page by using the following steps, otherwise the option to create a classic virtual network does not appear:

  1. 单击“+”打开“新建”页面。Click the '+' to open the 'New' page.
  2. 在“在市场中搜索”字段中,键入“虚拟网络”。In the 'Search the marketplace' field, type 'Virtual Network'. 如果改为选择“网络”->“虚拟网络”,则不会显示用于创建经典 VNet 的选项。If you instead, select Networking -> Virtual Network, you will not get the option to create a classic VNet.
  3. 从返回的列表中找到“虚拟网络”,单击它打开“虚拟网络”页面。Locate 'Virtual Network' from the returned list and click it to open the Virtual Network page.
  4. 在“虚拟网络”页面上,选择“经典”以创建经典 VNet。On the virtual network page, select 'Classic' to create a classic VNet.

如果使用本文进行练习,可以使用以下示例值:If you are using this article as an exercise, you can use the following example values:

用于 TestVNet1 的值Values for TestVNet1

姓名:TestVNet1Name: TestVNet1
地址空间:10.11.0.0/16, 10.12.0.0/16(可选)Address space: 10.11.0.0/16, 10.12.0.0/16 (optional)
子网名称:默认值Subnet name: default
子网地址范围:10.11.0.1/24Subnet address range: 10.11.0.1/24
资源组:ClassicRGResource group: ClassicRG
位置:美国东部Location: East US
GatewaySubnet:10.11.1.0/27GatewaySubnet: 10.11.1.0/27

用于 TestVNet4 的值Values for TestVNet4

姓名:TestVNet4Name: TestVNet4
地址空间:10.41.0.0/16, 10.42.0.0/16(可选)Address space: 10.41.0.0/16, 10.42.0.0/16 (optional)
子网名称:默认值Subnet name: default
子网地址范围:10.41.0.1/24Subnet address range: 10.41.0.1/24
资源组:ClassicRGResource group: ClassicRG
位置:美国西部Location: West US
GatewaySubnet:10.41.1.0/27GatewaySubnet: 10.41.1.0/27

创建 VNet 时,请注意以下设置:When creating your VNets, keep in mind the following settings:

  • 虚拟网络地址空间 – 在“虚拟网络地址空间”页上,指定要用于虚拟网络的地址范围。Virtual Network Address Spaces – On the Virtual Network Address Spaces page, specify the address range that you want to use for your virtual network. 这些都是动态 IP 地址,将分配给你部署到此虚拟网络的 VM 和其他角色实例。These are the dynamic IP addresses that will be assigned to the VMs and other role instances that you deploy to this virtual network.
    选择的地址空间不能与任何其他 VNet 的地址空间重叠,也不能与此 VNet 将连接到的本地位置的地址空间重叠。The address spaces you select cannot overlap with the address spaces for any of the other VNets or on-premises locations that this VNet will connect to.

  • 位置 - 创建虚拟网络时,它将与某个 Azure 位置(区域)相关联。Location – When you create a virtual network, you associate it with an Azure location (region). 例如,如果要部署到虚拟网络的 VM 的实际位置为美国西部,请选择该位置。For example, if you want your VMs that are deployed to your virtual network to be physically located in West US, select that location. 创建虚拟网络后,将无法更改与虚拟网络关联的位置。You can’t change the location associated with your virtual network after you create it.

创建 VNet 后,可以添加以下设置:After creating your VNets, you can add the following settings:

  • 地址空间 – 此配置不需要额外的地址空间,但可以在创建 VNet 后添加额外的地址空间。Address space – Additional address space is not required for this configuration, but you can add additional address space after creating the VNet.

  • 子网 – 此配置不需要额外的子网,但你可能希望使 VM 位于不同于其他角色实例的子网中。Subnets – Additional subnets are not required for this configuration, but you might want to have your VMs in a subnet that is separate from your other role instances.

  • DNS 服务器 – 输入 DNS 服务器名称和 IP 地址。DNS servers – Enter the DNS server name and IP address. 此设置不创建 DNS 服务器。This setting does not create a DNS server. 此设置允许指定要用于对此虚拟网络进行名称解析的 DNS 服务器。It allows you to specify the DNS servers that you want to use for name resolution for this virtual network.

在本部分中,会配置连接类型、本地站点并创建网关。In this section, you configure the connection type, the local site, and create the gateway.

步骤 3 - 配置本地站点Step 3 - Configure the local site

Azure 使用在每个本地网络站点中指定的设置来确定如何在 VNet 之间路由流量。Azure uses the settings specified in each local network site to determine how to route traffic between the VNets. 每个 VNet 都必须指向要将流量路由到的相应本地网络。Each VNet must point to the respective local network that you want to route traffic to. 如果需要使用名称来引用每个本地网络站点,由你来决定该名称。You determine the name you want to use to refer to each local network site. 最好使用描述性文本。It's best to use something descriptive.

例如,TestVNet1 连接到所创建的名为“VNet4Local”的本地网络站点。For example, TestVNet1 connects to a local network site that you create named 'VNet4Local'. VNet4Local 的设置包含 TestVNet4 的地址前缀。The settings for VNet4Local contain the address prefixes for TestVNet4.

每个 VNet 的本地站点是另一个 VNet。The local site for each VNet is the other VNet. 我们的配置使用以下示例值:The following example values are used for our configuration:

虚拟网络Virtual Network 地址空间Address Space 区域Region 连接到本地网络站点Connects to local network site
TestVNet1TestVNet1 TestVNet1TestVNet1
(10.11.0.0/16)(10.11.0.0/16)
(10.12.0.0/16)(10.12.0.0/16)
美国东部East US VNet4LocalVNet4Local
(10.41.0.0/16)(10.41.0.0/16)
(10.42.0.0/16)(10.42.0.0/16)
TestVNet4TestVNet4 TestVNet4TestVNet4
(10.41.0.0/16)(10.41.0.0/16)
(10.42.0.0/16)(10.42.0.0/16)
美国西部West US VNet1LocalVNet1Local
(10.11.0.0/16)(10.11.0.0/16)
(10.12.0.0/16)(10.12.0.0/16)
  1. 在 Azure 门户中找到 TestVNet1。Locate TestVNet1 in the Azure portal. 在页面的“VPN 连接”部分,单击“网关”。 In the VPN connections section of the page, click Gateway.

    无网关

  2. 在“新建 VPN 连接”页面上,选择“站点到站点”。 On the New VPN Connection page, select Site-to-Site.

  3. 单击“本地站点”以打开“本地站点”页面并配置设置。 Click Local site to open the Local site page and configure the settings.

  4. 在“本地站点”页面上,为本地站点命名。 On the Local site page, name your local site. 在示例中,我们将本地站点命名为“VNet4Local”。In our example, we name the local site 'VNet4Local'.

  5. 对于“VPN 网关 IP 地址”,可以使用所需的任何 IP 地址,只要它采用有效格式即可。 For VPN gateway IP address, you can use any IP address that you want, as long as it's in a valid format. 通常,应该使用 VPN 设备的实际外部 IP 地址。Typically, you’d use the actual external IP address for a VPN device. 但是,对于经典 VNet 到 VNet 配置,请使用分配给 VNet 的网关的公共 IP 地址。But, for a classic VNet-to-VNet configuration, you use the public IP address that is assigned to the gateway for your VNet. 考虑到尚未创建该虚拟网络网关,因此,将指定任何有效的公共 IP 地址作为占位符。Given that you’ve not yet created the virtual network gateway, you specify any valid public IP address as a placeholder.
    请勿将此留空 - 就此配置来说,此项不是可选项。Don't leave this blank - it's not optional for this configuration. 稍后将返回到这些设置,使用 Azure 生成的相应虚拟网络网关 IP 地址对其进行配置。In a later step, you go back into these settings and configure them with the corresponding virtual network gateway IP addresses once Azure generates it.

  6. 对于“客户端地址空间”,使用另一 VNet 的地址空间。 For Client Address Space, use the address space of the other VNet. 请参考规划示例。Refer to your planning example. 单击“确定”以保存设置并返回到“新建 VPN 连接”页面。 Click OK to save your settings and return back to the New VPN Connection page.

    本地站点

步骤 4 - 创建虚拟网关Step 4 - Create the virtual network gateway

每个虚拟网络都必须具有一个虚拟网络网关。Each virtual network must have a virtual network gateway. 虚拟网络网关对流量进行路由和加密。The virtual network gateway routes and encrypts traffic.

  1. 在“新建 VPN 连接” 页上,选中“立即创建网关”复选框 。On the New VPN Connection page, select the checkbox Create gateway immediately.
  2. 单击“子网、大小和路由类型”。 Click Subnet, size and routing type. 在“网关配置”页上,单击“子网”。 On the Gateway configuration page, click Subnet.
  3. 网关子网名称自动以所需的名称“GatewaySubnet”进行填充。The gateway subnet name is filled in automatically with the required name 'GatewaySubnet'. “地址范围”包含分配给 VPN 网关服务的 IP 地址。The Address range contains the IP addresses that are allocated to the VPN gateway services. 某些配置允许使用网关子网 /29,但最好使用 /28 或 /27 以适应将来可能需要为网关服务使用更多 IP 地址的配置。Some configurations allow a gateway subnet of /29, but it's best to use a /28 or /27 to accommodate future configurations that may require more IP addresses for the gateway services. 在示例设置中,我们使用了 10.11.1.0/27。In our example settings, we use 10.11.1.0/27. 调整地址空间,然后单击“确定”。 Adjust the address space, then click OK.
  4. 配置“网关大小”。 Configure the Gateway Size. 此设置指的是网关 SKUThis setting refers to the Gateway SKU.
  5. 配置“路由类型”。 Configure the Routing Type. 此配置的路由类型必须为“动态”。 The routing type for this configuration must be Dynamic. 无法更改路由类型,除非删除网关并创建一个新网关。You can't change the routing type later unless you tear down the gateway and create a new one.
  6. 单击“确定”。 Click OK.
  7. 在“新建 VPN 连接”页上,单击“确定”,开始创建虚拟网络网关 。On the New VPN Connection page, click OK to begin creating the virtual network gateway. 创建网关通常需要 45 分钟或更长的时间,具体取决于所选的网关 SKU。Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.

步骤 5 - 配置 TestVNet4 设置Step 5 - Configure TestVNet4 settings

重复创建本地站点创建虚拟网络网关中的步骤来配置 TestVNet4,并在必要时对值进行替换。Repeat the steps to Create a local site and Create the virtual network gateway to configure TestVNet4, substituting the values when necessary. 如果是作为练习执行此操作,请使用示例值If you are doing this as an exercise, use the Example values.

步骤 6 - 更新本地站点Step 6 - Update the local sites

在为两个 VNet 创建虚拟网络网关后,必须调整本地站点的 VPN 网关 IP 地址值。After your virtual network gateways have been created for both VNets, you must adjust the local sites VPN gateway IP address values.

VNet 名称VNet name 连接的站点Connected site 网关 IP 地址Gateway IP address
TestVNet1TestVNet1 VNet4LocalVNet4Local TestVNet4 的 VPN 网关 IP 地址VPN gateway IP address for TestVNet4
TestVNet4TestVNet4 VNet1LocalVNet1Local TestVNet1 的 VPN 网关 IP 地址VPN gateway IP address for TestVNet1

第 1 部分 - 获取虚拟网络网关的公共 IP 地址Part 1 - Get the virtual network gateway public IP address

  1. 在 Azure 门户中找到虚拟网络。Locate your virtual network in the Azure portal.

  2. 单击以打开 VNet“概述”页。 Click to open the VNet Overview page. 在该页上,在“VPN 连接”中,可以查看虚拟网络网关的 IP 地址。 On the page, in VPN connections, you can view the IP address for your virtual network gateway.

    公共 IP

  3. 复制 IP 地址。Copy the IP address. 在接下来的部分中将使用它。You will use it in the next section.

  4. 为 TestVNet4 重复上述步骤Repeat these steps for TestVNet4

第 2 部分 - 修改本地站点Part 2 - Modify the local sites

  1. 在 Azure 门户中找到虚拟网络。Locate your virtual network in the Azure portal.

  2. 在 VNet“概述”页上,单击本地站点。 On the VNet Overview page, click the local site.

    创建的本地站点

  3. 在“站点到站点 VPN 连接”页上,单击要修改的本地站点的名称。 On the Site-to-Site VPN Connections page, click the name of the local site that you want to modify.

    打开本地站点

  4. 单击要修改的本地站点Click the Local site that you want to modify.

    修改站点

  5. 更新“VPN 网关 IP 地址”并单击“确定”以保存设置。 Update the VPN gateway IP address and click OK to save the settings.

    网关 IP

  6. 关闭其他页。Close the other pages.

  7. 为 TestVNet4 重复上述步骤。Repeat these steps for TestVNet4.

步骤 7 - 从网络配置文件中检索值Step 7 - Retrieve values from the network configuration file

在 Azure 门户中创建经典 VNet 时,看到的名称不是用于 PowerShell 的完整名称。When you create classic VNets in the Azure portal, the name that you view is not the full name that you use for PowerShell. 例如,在门户中命名为 TestVNet1 的 VNet 在网络配置文件中可能具有更长的名称。For example, a VNet that appears to be named TestVNet1 in the portal, may have a much longer name in the network configuration file. 名称可能如下所示:Group ClassicRG TestVNet1The name might look something like: Group ClassicRG TestVNet1. 在创建连接时,请务必使用在网络配置文件中看到的值。When you create your connections, it's important to use the values that you see in the network configuration file.

在下面的步骤中,需连接到 Azure 帐户并下载和查看网络配置文件,以便获取连接所需的值。In the following steps, you will connect to your Azure account and download and view the network configuration file to obtain the values that are required for your connections.

  1. 下载和安装最新版本的 Azure 服务管理 (SM) PowerShell cmdlet。Download and install the latest version of the Azure Service Management (SM) PowerShell cmdlets. 有关详细信息,请参阅如何安装和配置 Azure PowerShellFor more information, see How to install and configure Azure PowerShell.

  2. 使用提升的权限打开 PowerShell 控制台,并连接到帐户。Open your PowerShell console with elevated rights and connect to your account. 使用下面的示例来帮助连接:Use the following example to help you connect:

    Connect-AzAccount
    

    检查该帐户的订阅。Check the subscriptions for the account.

    Get-AzSubscription
    

    如果有多个订阅,请选择要使用的订阅。If you have more than one subscription, select the subscription that you want to use.

    Select-AzSubscription -SubscriptionName "Replace_with_your_subscription_name"
    

    接下来,使用以下 cmdlet 将 Azure 订阅添加到经典部署模型的 PowerShell。Next, use the following cmdlet to add your Azure subscription to PowerShell for the classic deployment model.

    Add-AzureAccount
    
  3. 导出并查看网络配置文件。Export and view the network configuration file. 在计算机上创建一个目录,然后将网络配置文件导出到该目录。Create a directory on your computer and then export the network configuration file to the directory. 在此示例中,网络配置文件导出到 C:\AzureNetIn this example, the network configuration file is exported to C:\AzureNet.

    Get-AzureVNetConfig -ExportToFile C:\AzureNet\NetworkConfig.xml
    
  4. 使用文本编辑器打开该文件,并查看 VNet 和站点的名称。Open the file with a text editor and view the names for your VNets and sites. 会在创建连接时使用这些名称。These will be the name you use when you create your connections.
    VNet 名称以 VirtualNetworkSite name = 形式列出VNet names are listed as VirtualNetworkSite name =
    站点名称以 LocalNetworkSiteRef name = 形式列出Site names are listed as LocalNetworkSiteRef name =

步骤 8 - 创建 VPN 网关连接Step 8 - Create the VPN gateway connections

完成前面的所有步骤后,可以设置 IPsec/IKE 预共享密钥并创建连接。When all the previous steps have been completed, you can set the IPsec/IKE pre-shared keys and create the connection. 这组步骤使用 PowerShell。This set of steps uses PowerShell. 无法在 Azure 门户中配置经典部署模型的 VNet 到 VNet 连接。VNet-to-VNet connections for the classic deployment model cannot be configured in the Azure portal.

在示例中,可以看到共享密钥完全相同。In the examples, notice that the shared key is exactly the same. 共享的密钥必须始终匹配。The shared key must always match. 请务必将这些示例中的值替换为 VNet 和本地网络站点的确切名称。Be sure to replace the values in these examples with the exact names for your VNets and Local Network Sites.

  1. 创建 TestVNet1 到 TestVNet4 的连接。Create the TestVNet1 to TestVNet4 connection.

    Set-AzureVNetGatewayKey -VNetName 'Group ClassicRG TestVNet1' `
    -LocalNetworkSiteName '17BE5E2C_VNet4Local' -SharedKey A1b2C3D4
    
  2. 创建 TestVNet4 到 TestVNet1 的连接。Create the TestVNet4 to TestVNet1 connection.

    Set-AzureVNetGatewayKey -VNetName 'Group ClassicRG TestVNet4' `
    -LocalNetworkSiteName 'F7F7BFC7_VNet1Local' -SharedKey A1b2C3D4
    
  3. 等待连接初始化。Wait for the connections to initialize. 在网关初始化后,状态将变为“成功”。Once the gateway has initialized, the Status is 'Successful'.

    Error          :
    HttpStatusCode : OK
    Id             :
    Status         : Successful
    RequestId      :
    StatusCode     : OK
    

经典 VNet 的 VNet 到 VNet 注意事项VNet-to-VNet considerations for classic VNets

  • 虚拟网络可以在相同或不同的订阅中。The virtual networks can be in the same or different subscriptions.
  • 虚拟网络可以在相同或不同的 Azure 区域(位置)中。The virtual networks can be in the same or different Azure regions (locations).
  • 云服务或负载均衡终结点不能跨虚拟网络,即使它们连接在一起,也是如此。A cloud service or a load balancing endpoint can't span across virtual networks, even if they are connected together.
  • 将多个虚拟网络连接在一起不需要任何 VPN 设备。Connecting multiple virtual networks together doesn't require any VPN devices.
  • VNet 到 VNet 通信支持连接 Azure 虚拟网络。VNet-to-VNet supports connecting Azure Virtual Networks. 它不支持连接未部署到虚拟网络的虚拟机或云服务。It does not support connecting virtual machines or cloud services that are not deployed to a virtual network.
  • VNet 到 VNet 通信需要动态路由网关。VNet-to-VNet requires dynamic routing gateways. 不支持 Azure 静态路由网关。Azure static routing gateways are not supported.
  • 虚拟网络连接可与多站点 VPN 同时使用。Virtual network connectivity can be used simultaneously with multi-site VPNs. 最多可以将一个虚拟网络 VPN 网关的 10 个 VPN 隧道连接到其他虚拟网络或本地站点。There is a maximum of 10 VPN tunnels for a virtual network VPN gateway connecting to either other virtual networks, or on-premises sites.
  • 虚拟网络和本地网络站点的地址空间不得重叠。The address spaces of the virtual networks and on-premises local network sites must not overlap. 地址空间重叠将会导致创建虚拟网络或上传 netcfg 配置文件失败。Overlapping address spaces will cause the creation of virtual networks or uploading netcfg configuration files to fail.
  • 不支持一对虚拟网络之间存在冗余隧道。Redundant tunnels between a pair of virtual networks are not supported.
  • VNet 的所有 VPN 隧道(包括 P2S VPN)共享 VPN 网关上的可用带宽,以及 Azure 中的相同 VPN 网关运行时间 SLA。All VPN tunnels for the VNet, including P2S VPNs, share the available bandwidth for the VPN gateway, and the same VPN gateway uptime SLA in Azure.
  • VNet 到 VNet 流量会流经 Azure 主干。VNet-to-VNet traffic travels across the Azure backbone.

后续步骤Next steps

验证连接。Verify your connections. 请参阅验证 VPN 网关连接See Verify a VPN Gateway connection.