Set up the Azure-Trusted Cloud VPN network attachment
This document provides high-level guidance on how to establish a VPN connection
between Trusted Cloud by S3NS and Microsoft Azure. The document also includes instructions
for creating a network attachment in Trusted Cloud.
Before you begin
Ensure you have the following:
- Access to Azure and Trusted Cloud accounts with
appropriate permissions.
- Existing VPCs in both Azure and
Trusted Cloud.
Set up networking on Trusted Cloud
The setup on Trusted Cloud requires creating the VPC network,
the customer gateway, and the VPN connection.
Create the VPC network
In the Trusted Cloud console, go to the VPC networks page.
Go to VPC networks
Click add Create VPC network.
Provide a name for the network.
Configure subnets as necessary.
Click Create.
For more information, see
Create and manage VPC networks.
Create the VPN gateway
In the Trusted Cloud console, go to the Cloud VPN gateways page.
Go to Cloud VPN gateways
Click Create VPN gateway.
Select the Classic VPN option button.
Provide a VPN gateway name.
Select an existing VPC network in which to create the VPN gateway and tunnel.
Select the region.
For IP address, create or choose an existing regional
external IP address.
Provide a tunnel name.
For Remote peer IP address, enter the Azure VPN gateway
public IP address.
Specify options for IKE version and IKE pre-shared key.
Specify the routing options as required to direct traffic to the
Azure IP ranges.
Click Create.
For more information, see
Create a gateway and tunnel.
Set up networking on Azure
- Create the virtual network. For detailed instructions, see
Quickstart: Use the Azure portal to create a virtual network and
Create a virtual network
in the Azure documentation.
- Create a VPN routed to the virtual network that you created in the
Create the VPC network section of this document.
For detailed instructions, see
Tutorial: Create and manage a VPN gateway using the Azure portal and
Create a VPN gateway
in the Azure documentation.
- Create a local network gateway with the public IP address of the
Trusted Cloud VPN gateway and the address space of the
Trusted Cloud network. For detailed instructions, see
Create a local network gateway
in the Azure documentation.
- Create a site-to-site VPN connection using the local network gateway that you
created. For detailed instructions, see
Create VPN connections
in the Azure documentation.
Create the Trusted Cloud network attachment
To attach the network to the Private Service Connect, do the following:
In the Trusted Cloud console, go to the Private Service Connect page.
Go to Private Service Connect
Select the resource that you want to attach to the network.
Click Edit.
In the Network attachments tab, select the network that you created in
the Create the VPC network section of this document.
Click Save.
For more information, see
Create network attachments.
Verify the network connectivity
Ensure that the VMs in Trusted Cloud can reach the VMs in Azure,
and ensure that the VMs in Azure can reach the VMs in Trusted Cloud.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-25 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis document provides guidance on establishing a VPN connection between Google Cloud and Microsoft Azure, including setting up a network attachment in Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eSetting up networking on Google Cloud involves creating a VPC network, a customer gateway, and a VPN connection, with options for Classic or HA VPN.\u003c/p\u003e\n"],["\u003cp\u003eOn Azure, you'll need to create a virtual network, a VPN gateway, and a local network gateway, then establish a site-to-site VPN connection.\u003c/p\u003e\n"],["\u003cp\u003eCreating a network attachment in Google Cloud involves using the Private Service Connect page to select and attach the desired resource to the previously created VPC network.\u003c/p\u003e\n"],["\u003cp\u003eThe final step is to verify network connectivity, ensuring that virtual machines (VMs) in Google Cloud can communicate with VMs in Azure, and vice versa.\u003c/p\u003e\n"]]],[],null,["# Set up the Azure-Google Cloud VPN network attachment\n====================================================\n\nThis document provides high-level guidance on how to establish a VPN connection\nbetween Google Cloud and Microsoft Azure. The document also includes instructions\nfor creating a network attachment in Google Cloud.\n\nBefore you begin\n----------------\n\nEnsure you have the following:\n\n- Access to Azure and Google Cloud accounts with appropriate permissions.\n- Existing VPCs in both Azure and Google Cloud.\n\nSet up networking on Google Cloud\n---------------------------------\n\nThe setup on Google Cloud requires creating the VPC network,\nthe customer gateway, and the VPN connection.\n\n### Create the VPC network\n\n1. In the Google Cloud console, go to the **VPC networks** page.\n\n [Go to VPC networks](https://console.cloud.google.com/networking/networks/list)\n2. Click add **Create VPC network**.\n\n3. Provide a name for the network.\n\n4. Configure subnets as necessary.\n\n5. Click **Create**.\n\nFor more information, see\n[Create and manage VPC networks](/vpc/docs/create-modify-vpc-networks).\n\n### Create the VPN gateway\n\n| **Note:** The following steps describe how to create a [Classic VPN](/network-connectivity/docs/vpn/concepts/overview#classic-vpn). You can create a high-availability (HA) VPN instead if it fits your use case. For more information, see [Create an HA VPN gateway to a peer VPN gateway](/network-connectivity/docs/vpn/how-to/creating-ha-vpn).\n\n1. In the Google Cloud console, go to the **Cloud VPN gateways** page.\n\n [Go to Cloud VPN gateways](https://console.cloud.google.com/hybrid/vpn?tab=gateways)\n2. Click **Create VPN gateway**.\n\n3. Select the **Classic VPN** option button.\n\n4. Provide a VPN gateway name.\n\n5. Select an existing VPC network in which to create the VPN gateway and tunnel.\n\n6. Select the region.\n\n7. For **IP address** , create or choose an existing regional\n [external IP address](/compute/docs/ip-addresses#reservedaddress).\n\n8. Provide a tunnel name.\n\n9. For **Remote peer IP address**, enter the Azure VPN gateway\n public IP address.\n\n10. Specify options for **IKE version** and **IKE pre-shared key**.\n\n11. Specify the routing options as required to direct traffic to the\n Azure IP ranges.\n\n12. Click **Create**.\n\nFor more information, see\n[Create a gateway and tunnel](/network-connectivity/docs/vpn/how-to/creating-static-vpns#create_a_gateway_and_tunnel).\n\nSet up networking on Azure\n--------------------------\n\n1. Create the virtual network. For detailed instructions, see [Quickstart: Use the Azure portal to create a virtual network](https://learn.microsoft.com/en-us/azure/virtual-network/quick-create-portal) and [Create a virtual network](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#CreatVNet) in the Azure documentation.\n2. Create a VPN routed to the virtual network that you created in the [Create the VPC network](#create-vpc-network) section of this document. For detailed instructions, see [Tutorial: Create and manage a VPN gateway using the Azure portal](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-create-gateway-portal) and [Create a VPN gateway](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#VNetGateway) in the Azure documentation.\n3. Create a local network gateway with the public IP address of the Google Cloud VPN gateway and the address space of the Google Cloud network. For detailed instructions, see [Create a local network gateway](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#LocalNetworkGateway) in the Azure documentation.\n4. Create a site-to-site VPN connection using the local network gateway that you created. For detailed instructions, see [Create VPN connections](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#CreateConnection) in the Azure documentation.\n\nCreate the Google Cloud network attachment\n------------------------------------------\n\nTo attach the network to the Private Service Connect, do the following:\n\n1. In the Google Cloud console, go to the **Private Service Connect** page.\n\n [Go to Private Service Connect](https://console.cloud.google.com/net-services/psc/list)\n2. Select the resource that you want to attach to the network.\n\n3. Click **Edit**.\n\n4. In the **Network attachments** tab, select the network that you created in\n the [Create the VPC network](#create-vpc-network) section of this document.\n\n5. Click **Save**.\n\nFor more information, see\n[Create network attachments](/vpc/docs/create-manage-network-attachments#create-network-attachments).\n\nVerify the network connectivity\n-------------------------------\n\nEnsure that the VMs in Google Cloud can reach the VMs in Azure,\nand ensure that the VMs in Azure can reach the VMs in Google Cloud."]]
