Azure S2S VPN help - please

micromasters · March 11, 2025, 1:47pm

I’m not an Azure or a networking person. Most of these stuff is beyond me.

Recently I’ve been told to create an S2S VPN from our Azure site to a vendors’, using the Azure documentation here. Vendor plans to shut off previous implementation soon.

We already have an existing resource group, set up with a VM the other resources needed (vnet, nsg, route tables). I’ve tried following the instructions above, by setting up a virtual network gateway, a public IP address, and then a local network gateway - which resulted in this error:

Virtual Network Gateway connection /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/nrg-test-network-01/providers/Microsoft.Network/connections/s2s-test-network-01 has overlapping address spaces. The overlapping address space prefixes are 10.25.16.0/20 and 10.25.16.0/24. (Code: GatewayConnectionHasOverlappingAddressSpaces)

Questions:

Under the virtual network gateway, what is the gateway subnet address range? Should this be an entirely new subnet range, or the one the VM is sitting on?
Under the local network gateway, what is the IP address and Address Space I’m supposed to use?
Should I have created an entirely new virtual network for this?

anonymitygone · March 11, 2025, 1:47pm

The gateway subnet ip range has to be a smaller part of the vnet ip range.
The local network gateway ip space is the space for whatever the vpn is connecting to. IF you were connecting your azure environment to a corporate office, it would be the IP address used at the corporate ofice. This is so Azure knows where to route.
Probably not, because then you’ll have to figure out vnet peering.

anonymitygone · March 11, 2025, 1:47pm

Oh, also for the first question, your VM can not be a part of the gateway subnet. In your virtual network, you’ll have at least 2 subnets. One will be named GatewaySubnet and one will be the one where your VM is.

micromasters · March 11, 2025, 1:47pm

Thanks for all the answers, I’ll have to try it out when I get the chance. Noticed your code specified au-east - guess you’re in AU somewhere?

anonymitygone · March 11, 2025, 1:47pm

$vnet = @{
    Name = 's2s-vnet'
    ResourceGroupName = 'network-rg'
    Location = 'australiaeast'
    AddressPrefix = '10.25.16.0/24'
}
$virtualNetwork = New-AzVirtualNetwork @vnet
Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.25.16.0/26 -VirtualNetwork $virtualNetwork
Add-AzVirtualNetworkSubnetConfig -Name 'AzureBastionSubnet' -AddressPrefix 10.25.16.64/26 -VirtualNetwork $virtualNetwork
Add-AzVirtualNetworkSubnetConfig -Name 'VmSubnet'-AddressPrefix 10.25.16.128/26 -VirtualNetwork $virtualNetwork
$virtualNetwork | Set-AzVirtualNetwork

anonymitygone · March 11, 2025, 1:47pm

Nah, I’m in the US. I just saw that your last post was in r/perth so I figured you probably were in Australia.