You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated with a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
Correct answer: D
The virtual networks can be in the same or different regions, and from the same or different subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.
Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.
The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

To connect VNet1 to VNet2, we need to create a virtual network gateway in each virtual network and then create a virtual network gateway connection between the two gateways. Therefore, the correct answer is D. Provision virtual network gateways.
Explanation:
A) Moving VM1 to Subscription2 is not required to connect the two virtual networks. We can connect virtual networks across different subscriptions, so moving the VM is not necessary.
B) Moving VNet1 to Subscription2 is also not necessary. Although each subscription is associated with a different Azure AD tenant, we can still connect virtual networks across different subscriptions.
C) Modifying the IP address space of VNet2 will not help us connect the two virtual networks. The IP address space is only used to define the range of IP addresses that can be assigned to resources in the virtual network. It has no impact on connecting two virtual networks.
D) Provisioning virtual network gateways is the correct way to connect VNet1 to VNet2. To create a virtual network gateway, we need to create a gateway subnet within the virtual network, and then create a virtual network gateway resource in that subnet. Once we have a virtual network gateway in each virtual network, we can create a virtual network gateway connection to connect the two gateways.
Therefore, the correct answer is D. Provision virtual network gateways.
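
The following preflight check is an added example, not part of the original question or of Microsoft's documentation. It validates the two things the gateways in option D depend on: the VNets' address spaces do not overlap, and each VNet has a usable `GatewaySubnet`. The VNet address spaces come from the question; the subnet layouts are constructed for illustration, and the script runs offline without calling Azure.

```python
import ipaddress

GATEWAY_SUBNET = "GatewaySubnet"  # Azure requires this exact subnet name for a gateway
MAX_GATEWAY_PREFIX = 29           # /29 is the smallest gateway subnet Azure accepts

# VNet address spaces are from the question; subnet layouts are constructed.
SCENARIO = {
    "VNet1": {"address_space": ["10.0.0.0/16"],
              "subnets": {"default": "10.0.0.0/24", GATEWAY_SUBNET: "10.0.255.0/27"}},
    "VNet2": {"address_space": ["10.10.0.0/24"],
              "subnets": {"default": "10.10.0.0/25", GATEWAY_SUBNET: "10.10.0.224/27"}},
}

def preflight(vnets):
    """Return the problems that would block a VNet-to-VNet gateway connection."""
    problems = []
    spaces = {name: [ipaddress.ip_network(c) for c in v["address_space"]]
              for name, v in vnets.items()}
    names = sorted(spaces)

    # Each side routes the peer's address space as a local site,
    # so the ranges of any two VNets must not overlap.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for net_a in spaces[a]:
                for net_b in spaces[b]:
                    if net_a.overlaps(net_b):
                        problems.append(f"{a} {net_a} overlaps {b} {net_b}")

    # Every VNet needs a dedicated gateway subnet inside its own address space.
    for name in names:
        cidr = vnets[name]["subnets"].get(GATEWAY_SUBNET)
        if cidr is None:
            problems.append(f"{name}: no {GATEWAY_SUBNET}")
            continue
        gw = ipaddress.ip_network(cidr)
        if not any(gw.version == s.version and gw.subnet_of(s) for s in spaces[name]):
            problems.append(f"{name}: {GATEWAY_SUBNET} {gw} is outside the address space")
        if gw.prefixlen > MAX_GATEWAY_PREFIX:
            problems.append(f"{name}: {GATEWAY_SUBNET} {gw} is smaller than /{MAX_GATEWAY_PREFIX}")
    return problems

if __name__ == "__main__":
    for line in preflight(SCENARIO) or ["ready to provision gateways"]:
        print(line)
```

For the scenario in the question the check returns no problems, so the gateways can be provisioned without changing either address space.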