Set up the Azure-Google Cloud VPN network attachment

This document provides high-level guidance on how to establish a VPN connectionbetween Google Cloud and Microsoft Azure. The document also includes instructionsfor creating a network attachment in Google Cloud.

Before you begin

Ensure you have the following:

  • Access to Azure and Google Cloud accounts withappropriate permissions.
  • Existing VPCs in both Azure andGoogle Cloud.

Set up networking on Google Cloud

The setup on Google Cloud requires creating the VPC network,the customer gateway, and the VPN connection.

Create the VPC network

  1. In the Google Cloud console, go to theVPC networks page.

    Go to VPC networks

  2. ClickCreate VPC network.

  3. Provide a name for the network.

  4. Configure subnets as necessary.

  5. ClickCreate.

For more information, seeCreate and manage VPC networks.

Create the VPN gateway

Note: The following steps describe how to create aClassic VPN.You can create a high-availability (HA) VPN instead if it fits your use case.For more information, seeCreate an HA VPN gateway to a peer VPN gateway.

  1. In the Google Cloud console, go to theCloud VPN gateways page.

    Go to Cloud VPN gateways

  2. ClickCreate VPN gateway.

  3. Select theClassic VPN option button.

  4. Provide a VPN gateway name.

  5. Select an existing VPC network in which to create the VPN gateway and tunnel.

  6. Select the region.

  7. ForIP address, create or choose an existing regionalexternal IP address.

  8. Provide a tunnel name.

  9. ForRemote peer IP address, enter the Azure VPN gatewaypublic IP address.

  10. Specify options forIKE version andIKE pre-shared key.

  11. Specify the routing options as required to direct traffic to theAzure IP ranges.

  12. ClickCreate.

For more information, seeCreate a gateway and tunnel.

Set up networking on Azure

  1. Create the virtual network. For detailed instructions, seeQuickstart: Use the Azure portal to create a virtual network andCreate a virtual networkin the Azure documentation.
  2. Create a VPN routed to the virtual network that you created in theCreate the VPC network section of this document.For detailed instructions, seeTutorial: Create and manage a VPN gateway using the Azure portal andCreate a VPN gatewayin the Azure documentation.
  3. Create a local network gateway with the public IP address of theGoogle Cloud VPN gateway and the address space of theGoogle Cloud network. For detailed instructions, seeCreate a local network gatewayin the Azure documentation.
  4. Create a site-to-site VPN connection using the local network gateway that youcreated. For detailed instructions, seeCreate VPN connectionsin the Azure documentation.

Create the Google Cloud network attachment

To attach the network to the Private Service Connect, do the following:

  1. In the Google Cloud console, go to thePrivate Service Connect page.

    Go to Private Service Connect

  2. Select the resource that you want to attach to the network.

  3. ClickEdit.

  4. In theNetwork attachments tab, select the network that you created intheCreate the VPC network section of this document.

  5. ClickSave.

For more information, seeCreate network attachments.

Verify the network connectivity

Ensure that the VMs in Google Cloud can reach the VMs in Azure,and ensure that the VMs in Azure can reach the VMs in Google Cloud.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.