How to setup Site to Site (S2S) VPN from local OnPrem to Azure Cloud in 10 steps

Site-to-Site S2S VPN from OnPrem to Azure

Site-to-Site S2S VPN from OnPrem to Azure in 10 steps: Talk about a handy thing to have!

In fact, Site-to-Site VPN, unlike its “cousin” Point-to-Site VPN, connects an entire local site to Azure. Point-to-Site VPN, as its name suggests, only allows VPN to establish a connection from a “specific point”. Example, a hotel room.

For this, Site-to-Site VPN offers a major advantage, since it actually allows you to extend a local network, to Azure.

And so it can be useful in countless scenarios, like for example:

  1. A business needs servers on a temporary basis, from time to time, for development projects that only last a few months at a time. Investing in permanent servers would therefore not be the best thing to do. The use of the Cloud, being paid only for use, in addition to being elastic, in relation to the needs of technical resources which may vary, would be the wise choice.
    And, therefore, by creating a Site-to-Site VPN to Azure, the company would automatically have an “extended network” in the cloud.
  2. Another company having only one site, and therefore no possibility of a fallback site, could thus turn to this type of solution, in the event of a failure that could affect part of its main site.
  3. Another company wishing to protect itself from an adequate solution, in the event of a Ransomware attack, could decide to replicate its sensitive servers to Azure. That way, with a site-to-site VPN to Azure, the business could continue to work almost as if nothing had happened, still having its servers on a “same network”.
  4. A company in the process of migrating to the Cloud must continue to keep certain servers on its main site for a while. That said, these servers need to maintain a communication channel with other servers, already on Azure. Site-to-Site VPN thus allows all these servers to continue to exchange information in the same way, on a “same network”, while waiting to complete the migration.

To demonstrate how easy it is to do this, when creating a Site-to-Site S2S VPN from OnPrem to Azure, we’ve put together a list of 10 steps for setting up a VPN, from A to Z, on a Windows server and then test it.

The following video will give you all the info:

The steps performed in this example to create a Site-to-Site S2S VPN from OnPrem to Azure in 10 steps, are:

  1. Create Resource Group
  2. Create Virtual Network
  3. Create Local Network Gateway
  4. Create Public IP Address
  5. Create Virtual Network Gateway
  6. Create Connection
  7. Create VM for testing in Azure
  8. Configure RRAS on local Windows Server
  9. Add static route in RRAS (if necessary)
  10. Test with RDP to a VM in Azure

Click the step link to access the video directly from there on.

Feel free to leave your comments below, we would be happy to know your thoughts! 

Although the basic option, involving the use of a Windows server to configure this type of VPN is sufficient and satisfactory, there is also another possibility!

Indeed, another huge advantage of this solution is that it is possible to configure a Site-to-Site VPN directly on the internet router!  In other words, the router could manage the VPN connection by itself, natively.

Read our article to find out what brands and models allow to do that!

Similar Posts


  1. From my laptop I cannot reach the Azure servers, only from my server where I configure the RRAS I arrive through the S2S VPN, how can I get from my onprem devices to the servers?

    1. Hi Felix, sorry for the delay. You might have to add a route on your RRAs machine, so that local OnPrem traffic could go through it to go up to Azure. Otherwise, the local traffic will try to exit through the Router default gateway and will not be able to reach Azure (taking the wrong way). Find how to add routes using the Route command in CMD.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.