AZURE BASTION

Author: Ashok

Date: 2025-02-12

Azure Bastion service in North Europe to connect to virtual machines in the UK South location


Connect to Virtual Machines in UK South using Azure Bastion in North Europe


Since Azure Bastion is region-specific, we will use VNet Peering to enable access from a Bastion host in North Europe to a VM in UK South.

πŸ›  Steps to Implement in Azure Portal


Let’s start by creating a resource group bastion-rg in the North europe region. As the resource group are not region specific


Step 1: Create Virtual Networks (VNet)

1.1 Create VNet in North Europe

1. Go to Azure Portal β†’ Search for Virtual Networks.

2. Click Create and fill in:

β€’ Name: VNet-NorthEurope

β€’ Region: North Europe

β€’ Address Space: 10.0.0.0/16

β€’ Subnet:

β€’ Name: Subnet-North

β€’ Address Range: 10.0.1.0/24

3. Click Review + Create β†’ Create.


1.2 Create VNet in UK South

1. Go to Virtual Networks β†’ Click Create.

2. Fill in:

β€’ Name: VNet-UKSouth

β€’ Region: UK South

β€’ Address Space: 10.1.0.0/16

β€’ Subnet:

β€’ Name: Subnet-UK

β€’ Address Range: 10.1.1.0/24

3. Click Review + Create β†’ Create.



Step 2: Deploy an Azure Bastion in North Europe

1. Go to Azure Portal β†’ Search for Bastion.

2. Click Create Bastion.

3. Fill in:

β€’ Resource Group: bastion-rg.

β€’ Region: North Europe

β€’ Virtual Network: VNet-NorthEurope

β€’ Subnet Name: AzureBastionSubnet

β€’ Subnet Address Range: 10.0.2.0/27

β€’ Public IP: VNet-NorthEurope-ip

4. Click Review + Create β†’ Create.


Step 3: Deploy a Virtual Machine in UK South

1. Go to Azure Portal β†’ Virtual Machines β†’ Create VM.

2. Fill in:

β€’ Name: VM-UKSouth

β€’ Region: UK South

β€’ Size: Standard_B1s

β€’ OS: Ubuntu

β€’ Authentication: Username + Password .

β€’ Virtual Network: VNet-UKSouth

β€’ Subnet: Subnet-UK

3. Click Review + Create β†’ Create.




Step 4: Configure VNet Peering

4.1 Peer VNet-NorthEurope with VNet-UKSouth

1. Go to Azure Portal β†’ Virtual Networks.

2. Select VNet-NorthEurope β†’ Click Peerings β†’ Click + Add.

3. Fill in:

β€’ Peering Name: NorthEurope-to-UKSouth

β€’ Remote VNet: Select VNet-UKSouth

β€’ Allow Virtual Network Access: Enabled

β€’ Allow Forwarded Traffic: Enabled


β€’ Allow Gateway Transit: Disabled

4. Click OK.




4.2 Peer VNet-UKSouth with VNet-NorthEurope

1. Go to Virtual Networks β†’ VNet-UKSouth.

2. Click Peerings β†’ + Add.

3. Fill in:

β€’ Peering Name: UKSouth-to-NorthEurope

β€’ Remote VNet: Select VNet-NorthEurope

β€’ Allow Virtual Network Access: Enabled

β€’ Allow Forwarded Traffic: Enabled

β€’ Allow Gateway Transit: Disabled

4. Click OK.

Step 5: Connect to VM in UK South Using Bastion

1. Go to Azure Portal β†’ Virtual Machines.

2. Select VM-UKSouth.

3. Click Connect β†’ Bastion.

4. Select Bastion Host in North Europe (VNet-NorthEurope).

5. Enter VM Credentials β†’ Click Connect.

πŸš€ You are now connected to a VM in UK South using Azure Bastion in North Europe!

πŸ” Key Takeaways

βœ… Azure Bastion is region-specific, but VNet Peering enables cross-region access.

βœ… VNet Peering allows secure VM communication between North Europe and UK South.

βœ… Bastion provides RDP/SSH access without exposing VMs to the internet.