Extend corporate local network to Azure Cloud

Cloud is increasingly common in company strategies. However, having a cloud completely isolated from your corporate network can be frustrating. Connecting your cloud tenant to your local network lets you use your cloud environment much more easily and efficiently. Your cloud can then really become your test/dev environment, heavy-workload platform or disaster recovery solution. Connecting it to your network will really benefit your IT.

In this article I’ll show you how to extend your corporate local network to Microsoft Azure cloud infrastructure.

To do so we’ll need a gateway. It can be dedicated hardware (see the compatibility list here: http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx#bkmk_VPNDevice) or a server with the RRAS (Routing and Remote Access Service) role.

In this tutorial we will use the second option (RRAS server).

What we need :

  • An Azure account
  • A corporate network with an Active Directory/DNS server
  • A brand new server for the RRAS role
  • Know your public IP
  • Access to your router or to your DHCP server configuration
  • And finally a coffee machine 🙂


Here is the network architecture we will build.


Create an affinity group

Creating an affinity group allows us to place all our networks and virtual machines in the same logical place.


Name your affinity group and select your region


Configure networks

Then we will define our local network. The local network refers to the corporate infrastructure.


Enter your corporate public IP


Enter your corporate network address and CIDR


The next step is to define the virtual network.

This virtual network will be the Azure network.

Go to networks and create it


Name your Azure network. In the screenshot below I named it “AzurePublicIP”, which is not a great idea because the logical network is composed of the public IP + local subnet. For clarity, it would be better to name it “AzureNetwork”.


Create the desired subnet


Then click on add gateway subnet


Enter your corporate DNS and select your corporate Network



Connect to Azure

Wait for the virtual network creation. Then click on the network name to access the dashboard


Create the gateway


Wait for the creation; it could take a couple of minutes.


When it’s done download the VPN agent script


Put the script to your RRAS server (here it’s my

Change your execution policy and rename the script to *.ps1


Execute the script.

It will automatically install all pre-requisite roles and configure the desired connection
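
The rename, execution policy and execute steps above can be done without changing the machine-wide execution policy. The following is an added example, not part of the original article or of Microsoft's script; both file paths are hypothetical, and it assumes PowerShell 4.0 or later in an elevated session on the RRAS server.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Both paths are hypothetical.
$downloaded = 'C:\Temp\VpnDeviceScript.cfg'    # the file as saved from the portal (assumed name)
$script     = 'C:\Temp\AzureS2SVpn.ps1'        # the renamed copy that will be executed

# Step "rename the script to *.ps1": work on a copy and keep the original download.
Copy-Item -Path $downloaded -Destination $script -Force

# Record exactly what is about to run with administrative rights.
Get-FileHash -Path $script -Algorithm SHA256 | Format-List Algorithm, Hash, Path

# Files saved by a browser normally carry a Zone.Identifier stream (mark of the web).
Get-Content -Path $script -Stream Zone.Identifier -ErrorAction SilentlyContinue

# Read the script before running it; -Wait blocks until the editor is closed.
Start-Process -FilePath notepad.exe -ArgumentList $script -Wait

# Step "change your execution policy": relax it for this PowerShell process only.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

# After the review, clear the mark of the web so RemoteSigned accepts this one file.
Unblock-File -Path $script

# Step "execute the script".
& $script

# The Process row shows RemoteSigned; the other scopes keep their previous values.
Get-ExecutionPolicy -List
```

The process-scoped policy disappears when the PowerShell window is closed, so nothing has to be reverted afterwards.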


When it’s done open “Routing and remote access” console and click connect on the connection to Azure network


It will dial, and you’ll see the connection as UP in the Azure portal


Create an Azure instance

Now that we have our local network connected to our Azure tenant, let’s test it by creating a virtual machine in the cloud.


Select from gallery to be able to configure the proper subnet



Here I chose a Basic tier.

The Standard tier is a little more expensive but performs better.

Standard :

The Standard tier of compute instances provides an optimal set of compute, memory and IO resources for running a wide array of applications. These instances include both auto-scaling and load balancing capabilities.

See price calculator :



Select the AzureNetwork to have your instance connected to the subnet



Wait for the virtual machine to be ready.


Click on Connect, then save or directly open the RDP file.


Use the credentials configured during the deployment


Update the firewall security rules to allow ping responses

Import-Module NetSecurity
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True


To reach this subnet from your local network you’ll have to add a route to

You have several ways to do so.

  • Directly on your router
  • Pushing the route using GPO
  • Pushing the route using DHCP


  • Adding the route manually


So now, from Azure, we are able to contact our server on the corporate network and vice versa


We are also able to add the instance to the domain to control it as a traditional server


It’s done. Our Azure tenant is now completely reachable from the corporate network. It can easily be used for workloads, testing or as a disaster recovery site.


The VM costs 0.056 €/hr and the virtual router 0.03 €/hr.
On average a month is 730.5 hr, so the cost should be: 730.5 x (0.056 + 0.03) = 62.82 € / month

You’ll also have to pay for outbound data, but 5 GB are included each month


I hope it’ll help you.
