Site-to-Site VPN with active-active VPN Gateways with BGP

By Fabrizio Ferri
Last updated: 2021/4/6

This template deploys a site-to-site VPN between two VNets, with the VPN Gateways in active-active configuration with BGP. Each Azure VPN Gateway resolves the FQDN of its remote peers to determine the public IP of the remote VPN Gateway. The template runs as expected in Azure regions with availability zones.

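This Azure Resource Manager (ARM) template was created by a member of the community, not by Microsoft. Each ARM template is licensed to you under a license agreement by its owner, not by Microsoft. Microsoft is not responsible for ARM templates provided and licensed by community members and does not screen them for security, compatibility, or performance. Community ARM templates are not supported under any Microsoft support program or service, and are provided as is without warranty of any kind.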

Parameters

| Parameter name | Description |
| --- | --- |
| prefix | Naming prefix of the objects in the resource. It can be an empty string. |
| location1 | First Azure region with Availability Zone |
| location2 | Second Azure region with Availability Zone |
| vNet1Name | Arbitrary name for the Azure Virtual Network 1 |
| vNet2Name | Arbitrary name for the Azure Virtual Network 2 |
| vNet1AddressPrefix | CIDR block representing the address space of the Azure VNet 1 |
| vNet2AddressPrefix | CIDR block representing the address space of the Azure VNet 2 |
| subnet11Name | Arbitrary name for the Azure subnet1 in VNet1 |
| subnet12Name | Arbitrary name for the Azure subnet2 in VNet1 |
| subnet21Name | Arbitrary name for the Azure subnet1 in VNet2 |
| subnet22Name | Arbitrary name for the Azure subnet2 in VNet2 |
| subnet11Prefix | CIDR block for subnet1 in VNet1; it is a subset of the vNet1AddressPrefix address space |
| subnet12Prefix | CIDR block for subnet2 in VNet1; it is a subset of the vNet1AddressPrefix address space |
| gateway1subnetPrefix | CIDR block for the gateway subnet; it is a subset of the vNet1AddressPrefix address space |
| subnet21Prefix | CIDR block for subnet1 in VNet2; it is a subset of the vNet2AddressPrefix address space |
| subnet22Prefix | CIDR block for subnet2 in VNet2; it is a subset of the vNet2AddressPrefix address space |
| gateway2subnetPrefix | CIDR block for the gateway subnet; it is a subset of the vNet2AddressPrefix address space |
| gateway1Name | Arbitrary name for the new gateway1 |
| gateway2Name | Arbitrary name for the new gateway2 |
| gateway1PublicIP1Name | Arbitrary name for the public IP1 resource used for the new Azure gateway1 |
| gateway1PublicIP2Name | Arbitrary name for the public IP2 resource used for the new Azure gateway1 |
| gateway2PublicIP1Name | Arbitrary name for the public IP1 resource used for the new Azure gateway2 |
| gateway2PublicIP2Name | Arbitrary name for the public IP2 resource used for the new Azure gateway2 |
| gatewaySku | The SKU of the gateway |
| vpnGatewayGeneration | (no description available) |
| asnGtw1 | BGP Autonomous System Number of the VPN Gateway1 in VNet1 |
| asnGtw2 | BGP Autonomous System Number of the VPN Gateway2 in VNet2 |
| localGatewayName11 | Arbitrary name for the gateway resource representing VPN gateway1, public IP1 |
| localGatewayName12 | Arbitrary name for the gateway resource representing VPN gateway1, public IP2 |
| localGatewayName21 | Arbitrary name for the gateway resource representing VPN gateway2, public IP1 |
| localGatewayName22 | Arbitrary name for the gateway resource representing VPN gateway2, public IP2 |
| connectionName11-21 | Arbitrary name for the new connection between VPN gateway1 and the remote VPN Gateway2, public IP1 |
| connectionName12-22 | Arbitrary name for the new connection between VPN gateway1 and the remote VPN Gateway2, public IP2 |
| connectionName21-11 | Arbitrary name for the new connection between VPN gateway2 and the remote VPN Gateway1, public IP1 |
| connectionName22-12 | Arbitrary name for the new connection between VPN gateway2 and the remote VPN Gateway1, public IP2 |
| sharedKey | Shared key (PSK) for the IPsec tunnels |
| vm1Name | Name of the VM in subnet1 in VNet1 |
| vm2Name | Name of the VM in subnet1 in VNet2 |
| vmSize | Size of the virtual machine |
| adminUsername | Administrator username of the VMs |
| adminPassword | Administrator password of the VMs |
| dnsLabelgtw1PubIP1 | DNS name of public IP1 of the VPN Gateway1. Must be lowercase. It should match the regex: ^[a-z][a-z0-9-]{1,61}[a-z0-9]$. |
| dnsLabelgtw1PubIP2 | DNS name of public IP2 of the VPN Gateway1. Must be lowercase. It should match the regex: ^[a-z][a-z0-9-]{1,61}[a-z0-9]$. |
| dnsLabelgtw2PubIP1 | DNS name of public IP1 of the VPN Gateway2. Must be lowercase. It should match the regex: ^[a-z][a-z0-9-]{1,61}[a-z0-9]$. |
| dnsLabelgtw2PubIP2 | DNS name of public IP2 of the VPN Gateway2. Must be lowercase. It should match the regex: ^[a-z][a-z0-9-]{1,61}[a-z0-9]$. |
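
The constraints stated in the parameter descriptions (subnet CIDRs inside their VNet address space, the DNS label pattern) can be checked before a deployment is submitted. The following Python check is an added example, not part of the template or written by its author; the function name, the sample values, and the two checks marked as assumptions (non-overlapping VNet address spaces, distinct ASNs) are not taken from the page.

```python
import ipaddress
import re

# Pattern quoted in the dnsLabelgtw* parameter descriptions above.
DNS_LABEL_RE = re.compile(r"^[a-z][a-z0-9-]{1,61}[a-z0-9]$")

def validate_parameters(p):
    """Return a list of problems found in a dict of template parameter values."""
    problems, vnets = [], {}
    for n in ("1", "2"):
        vnets[n] = ipaddress.ip_network(p[f"vNet{n}AddressPrefix"])
        seen = {}
        for key in (f"subnet{n}1Prefix", f"subnet{n}2Prefix", f"gateway{n}subnetPrefix"):
            try:
                net = ipaddress.ip_network(p[key])  # rejects CIDRs with host bits set
            except ValueError as exc:
                problems.append(f"{key}: {exc}")
                continue
            if net.version != vnets[n].version or not net.subnet_of(vnets[n]):
                problems.append(f"{key} {net} is not inside vNet{n}AddressPrefix {vnets[n]}")
            problems += [f"{key} overlaps {k}" for k, other in seen.items() if net.overlaps(other)]
            seen[key] = net
    # Assumption: both address spaces are exchanged over BGP, so they must not overlap.
    if vnets["1"].overlaps(vnets["2"]):
        problems.append("vNet1AddressPrefix overlaps vNet2AddressPrefix")
    # Assumption: the two gateways are eBGP peers and therefore need different ASNs.
    if p["asnGtw1"] == p["asnGtw2"]:
        problems.append("asnGtw1 and asnGtw2 must differ")
    for key in sorted(k for k in p if k.startswith("dnsLabelgtw")):
        if not DNS_LABEL_RE.fullmatch(p[key]):
            problems.append(f"{key} {p[key]!r} does not match the required pattern")
    return problems

# Constructed sample values (not the template's defaults), with three deliberate errors.
SAMPLE = {
    "vNet1AddressPrefix": "10.0.1.0/24", "vNet2AddressPrefix": "10.0.2.0/24",
    "subnet11Prefix": "10.0.1.0/27", "subnet12Prefix": "10.0.1.32/27",
    "gateway1subnetPrefix": "10.0.1.224/27",
    "subnet21Prefix": "10.0.2.0/27", "subnet22Prefix": "10.0.3.32/27",  # outside VNet2
    "gateway2subnetPrefix": "10.0.2.224/27",
    "asnGtw1": 65001, "asnGtw2": 65001,  # same ASN on both gateways
    "dnsLabelgtw1PubIP1": "gtw1-ip1", "dnsLabelgtw1PubIP2": "gtw1-ip2",
    "dnsLabelgtw2PubIP1": "Gtw2-IP1",  # uppercase is rejected
    "dnsLabelgtw2PubIP2": "gtw2-ip2",
}

if __name__ == "__main__":
    for problem in validate_parameters(SAMPLE):
        print("FAIL:", problem)
```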

Use the template

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-site-to-site-vpn-fqdn-bgp/azuredeploy.json
Install and configure Azure PowerShell

Command line

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az deployment group create --resource-group <resource-group-name> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-site-to-site-vpn-fqdn-bgp/azuredeploy.json
Install and configure the Azure cross-platform command-line interface