Stay organized with collections
Save and categorize content based on your preferences.
Set up the Azure-Google Cloud VPN network attachment
This document provides high-level guidance on how to establish a VPN connection
between Google Cloud and Microsoft Azure. The document also includes instructions
for creating a network attachment in Google Cloud.
Before you begin
Ensure you have the following:
Access to Azure and Google Cloud accounts with
appropriate permissions.
Existing VPCs in both Azure and
Google Cloud.
Set up networking on Google Cloud
The setup on Google Cloud requires creating the VPC network,
the customer gateway, and the VPN connection.
Create the VPC network
In the Google Cloud console, go to the VPC networks page.
Create a local network gateway with the public IP address of the
Google Cloud VPN gateway and the address space of the
Google Cloud network. For detailed instructions, see
Create a local network gateway
in the Azure documentation.
Create a site-to-site VPN connection using the local network gateway that you
created. For detailed instructions, see
Create VPN connections
in the Azure documentation.
Create the Google Cloud network attachment
To attach the network to the Private Service Connect, do the following:
In the Google Cloud console, go to the Private Service Connect page.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis document provides guidance on establishing a VPN connection between Google Cloud and Microsoft Azure, including setting up a network attachment in Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eSetting up networking on Google Cloud involves creating a VPC network, a customer gateway, and a VPN connection, with options for Classic or HA VPN.\u003c/p\u003e\n"],["\u003cp\u003eOn Azure, you'll need to create a virtual network, a VPN gateway, and a local network gateway, then establish a site-to-site VPN connection.\u003c/p\u003e\n"],["\u003cp\u003eCreating a network attachment in Google Cloud involves using the Private Service Connect page to select and attach the desired resource to the previously created VPC network.\u003c/p\u003e\n"],["\u003cp\u003eThe final step is to verify network connectivity, ensuring that virtual machines (VMs) in Google Cloud can communicate with VMs in Azure, and vice versa.\u003c/p\u003e\n"]]],[],null,["# Set up the Azure-Google Cloud VPN network attachment\n====================================================\n\nThis document provides high-level guidance on how to establish a VPN connection\nbetween Google Cloud and Microsoft Azure. The document also includes instructions\nfor creating a network attachment in Google Cloud.\n\nBefore you begin\n----------------\n\nEnsure you have the following:\n\n- Access to Azure and Google Cloud accounts with appropriate permissions.\n- Existing VPCs in both Azure and Google Cloud.\n\nSet up networking on Google Cloud\n---------------------------------\n\nThe setup on Google Cloud requires creating the VPC network,\nthe customer gateway, and the VPN connection.\n\n### Create the VPC network\n\n1. In the Google Cloud console, go to the **VPC networks** page.\n\n [Go to VPC networks](https://console.cloud.google.com/networking/networks/list)\n2. Click add **Create VPC network**.\n\n3. Provide a name for the network.\n\n4. Configure subnets as necessary.\n\n5. Click **Create**.\n\nFor more information, see\n[Create and manage VPC networks](/vpc/docs/create-modify-vpc-networks).\n\n### Create the VPN gateway\n\n| **Note:** The following steps describe how to create a [Classic VPN](/network-connectivity/docs/vpn/concepts/overview#classic-vpn). You can create a high-availability (HA) VPN instead if it fits your use case. For more information, see [Create an HA VPN gateway to a peer VPN gateway](/network-connectivity/docs/vpn/how-to/creating-ha-vpn).\n\n1. In the Google Cloud console, go to the **Cloud VPN gateways** page.\n\n [Go to Cloud VPN gateways](https://console.cloud.google.com/hybrid/vpn?tab=gateways)\n2. Click **Create VPN gateway**.\n\n3. Select the **Classic VPN** option button.\n\n4. Provide a VPN gateway name.\n\n5. Select an existing VPC network in which to create the VPN gateway and tunnel.\n\n6. Select the region.\n\n7. For **IP address** , create or choose an existing regional\n [external IP address](/compute/docs/ip-addresses#reservedaddress).\n\n8. Provide a tunnel name.\n\n9. For **Remote peer IP address**, enter the Azure VPN gateway\n public IP address.\n\n10. Specify options for **IKE version** and **IKE pre-shared key**.\n\n11. Specify the routing options as required to direct traffic to the\n Azure IP ranges.\n\n12. Click **Create**.\n\nFor more information, see\n[Create a gateway and tunnel](/network-connectivity/docs/vpn/how-to/creating-static-vpns#create_a_gateway_and_tunnel).\n\nSet up networking on Azure\n--------------------------\n\n1. Create the virtual network. For detailed instructions, see [Quickstart: Use the Azure portal to create a virtual network](https://learn.microsoft.com/en-us/azure/virtual-network/quick-create-portal) and [Create a virtual network](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#CreatVNet) in the Azure documentation.\n2. Create a VPN routed to the virtual network that you created in the [Create the VPC network](#create-vpc-network) section of this document. For detailed instructions, see [Tutorial: Create and manage a VPN gateway using the Azure portal](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-create-gateway-portal) and [Create a VPN gateway](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#VNetGateway) in the Azure documentation.\n3. Create a local network gateway with the public IP address of the Google Cloud VPN gateway and the address space of the Google Cloud network. For detailed instructions, see [Create a local network gateway](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#LocalNetworkGateway) in the Azure documentation.\n4. Create a site-to-site VPN connection using the local network gateway that you created. For detailed instructions, see [Create VPN connections](https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#CreateConnection) in the Azure documentation.\n\nCreate the Google Cloud network attachment\n------------------------------------------\n\nTo attach the network to the Private Service Connect, do the following:\n\n1. In the Google Cloud console, go to the **Private Service Connect** page.\n\n [Go to Private Service Connect](https://console.cloud.google.com/net-services/psc/list)\n2. Select the resource that you want to attach to the network.\n\n3. Click **Edit**.\n\n4. In the **Network attachments** tab, select the network that you created in\n the [Create the VPC network](#create-vpc-network) section of this document.\n\n5. Click **Save**.\n\nFor more information, see\n[Create network attachments](/vpc/docs/create-manage-network-attachments#create-network-attachments).\n\nVerify the network connectivity\n-------------------------------\n\nEnsure that the VMs in Google Cloud can reach the VMs in Azure,\nand ensure that the VMs in Azure can reach the VMs in Google Cloud."]]
