Add additional S2S connections to a VNet: Azure portal

This article helps you add additional Site-to-Site (S2S) connections to a VPN gateway that has an existing connection. This architecture is often referred to as a "multi-site" configuration. You can add an S2S connection to a VNet that already has an S2S connection, Point-to-Site connection, or VNet-to-VNet connection. There are some limitations when adding connections. Check the Prerequisites section in this article to verify them before you start your configuration.

This article applies to Resource Manager VNets that have a RouteBased VPN gateway. These steps do not apply to new ExpressRoute/Site-to-Site coexisting connection configurations. However, if you are merely adding a new VPN connection to an already existing coexisting configuration, you can use these steps. See ExpressRoute/S2S coexisting connections for information about coexisting connections.

Prerequisites

Verify the following items:

  • You are not configuring a new coexisting ExpressRoute and VPN Gateway configuration.
  • You have a virtual network that was created using the Resource Manager deployment model with an existing connection.
  • The virtual network gateway for your VNet is RouteBased. If you have a PolicyBased VPN gateway, you must delete the virtual network gateway and create a new VPN gateway as RouteBased.
  • None of the address ranges overlap for any of the VNets that this VNet is connecting to.
  • You have a compatible VPN device and someone who is able to configure it. See About VPN Devices. If you aren't familiar with configuring your VPN device, or are unfamiliar with the IP address ranges located in your on-premises network configuration, you need to coordinate with someone who can provide those details for you.
  • You have an externally facing public IP address for your VPN device.

Configure a connection

  1. From a browser, navigate to the Azure portal and, if necessary, sign in with your Azure account.

  2. Select All resources, locate your virtual network gateway in the list of resources, and select it.

  3. On the Virtual network gateway page, select Connections.


  4. On the Connections page, select +Add.

  5. This opens the Add connection page.


  6. On the Add connection page, fill out the following fields:

    • Name: The name you want to give to the site you are creating the connection to.
    • Connection type: Select Site-to-site (IPsec).

Add a local network gateway

  1. For the Local network gateway field, select Choose a local network gateway. This opens the Choose local network gateway page.

  2. Select + Create new to open the Create local network gateway page.


  3. On the Create local network gateway page, fill out the following fields:

    • Name: The name you want to give to the local network gateway resource.
    • Endpoint: The public IP address of the VPN device on the site that you want to connect to, or the FQDN of the endpoint.
    • Address space: The address space that you want to be routed to the new local network site.
  4. Select OK on the Create local network gateway page to save the changes.
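
A pre-flight check for the values entered above, covering the prerequisites that address ranges must not overlap and that the VPN device has a public endpoint. This is an added example, not part of the original article or any Azure tooling; the function name `check_site` and all addresses and names are constructed for illustration, and only IPv4 endpoints are considered.

```python
import ipaddress

# Ranges that cannot serve as an externally facing endpoint (RFC 1918,
# CGNAT, loopback, link-local). Assumption: IPv4 endpoints only.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def check_site(endpoint, site_prefixes, vnet_prefixes, existing_sites):
    """Return a list of problems with a planned local network gateway.

    endpoint       -- public IP or FQDN of the on-premises VPN device
    site_prefixes  -- address space to be routed to the new site
    vnet_prefixes  -- address space of the VNet behind the VPN gateway
    existing_sites -- {name: [prefixes]} for connections already in place
    """
    problems = []
    try:
        ip = ipaddress.ip_address(endpoint)
        if ip.version == 4 and any(ip in net for net in NON_PUBLIC):
            problems.append(f"endpoint {endpoint} is not a public address")
    except ValueError:
        # Not an IP literal: accept it as an FQDN if it looks like one.
        if "." not in endpoint:
            problems.append(f"endpoint {endpoint!r} is neither an IP nor an FQDN")

    new_nets = []
    for prefix in site_prefixes:
        try:
            # strict=True rejects prefixes with host bits set, e.g. 10.2.0.5/16
            new_nets.append(ipaddress.ip_network(prefix, strict=True))
        except ValueError as err:
            problems.append(f"bad prefix {prefix}: {err}")

    # The new site must not collide with the VNet or any existing site.
    for name, prefixes in {"VNet": vnet_prefixes, **existing_sites}.items():
        for other in map(ipaddress.ip_network, prefixes):
            for net in new_nets:
                if net.version == other.version and net.overlaps(other):
                    problems.append(f"{net} overlaps {other} ({name})")
    return problems

if __name__ == "__main__":
    # Constructed sample: 203.0.113.10 is a documentation address.
    for p in check_site("203.0.113.10", ["10.1.4.0/24"],
                        ["10.1.0.0/16"], {"Site1": ["192.168.1.0/24"]}):
        print(p)
```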

Add the shared key

  1. After creating the local network gateway, return to the Add connection page.
  2. Complete the remaining fields. For the Shared key (PSK), you can either get the shared key from your VPN device, or make one up here and then configure your VPN device to use the same shared key. The important thing is that the keys are exactly the same.

Create the connection

  1. At the bottom of the page, select OK to create the connection. The connection begins creating immediately.
  2. Once the connection completes, you can view and verify it.

View and verify the VPN connection

In the Azure portal, you can view the connection status of a Resource Manager VPN Gateway by navigating to the connection. The following steps show one way to navigate to your connection and verify it.

  1. In the Azure portal menu, select All resources or search for and select All resources from any page.

  2. Select your virtual network gateway.

  3. On the blade for your virtual network gateway, click Connections. You can see the status of each connection.

  4. Click the name of the connection that you want to verify to open Essentials. In Essentials, you can view more information about your connection. The Status is 'Succeeded' and 'Connected' when you have made a successful connection.
