Cloud Computing

Azure Virtual Network Peering Using PowerShell


In today’s Ask the Admin, I’ll show you how to connect two Azure virtual networks using Virtual Network Peering and PowerShell.

Virtual Network (VNet) Peering provides an easy way to connect two virtual networks in the same region. Once two VNets are connected, they work as one but are still managed separately. It’s even possible to peer two VNets in different Azure subscriptions, although that’s a little more complicated than what I’ll show you today. The main requirements for peering two VNets are:

  • They must be in the same region.
  • VNets created using Resource Manager (ARM) can be peered with those created using the classic deployment model, but not vice versa.
  • Should not have overlapping address spaces.

For more information on Virtual Network Peering and how to peer networks using the Azure Management Portal, see Connect Two Azure Resource Manager Virtual Networks Using VNet Peering on the Petri IT Knowledgebase.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.



Before following the instructions below, make sure you have the latest version of Microsoft Azure PowerShell installed on your PC. You can download the latest release using the Web Platform Installer.

Log In to Azure Resource Manager

First, you’ll need to log in to your Azure subscription using the Login-AzureRmAccount cmdlet. Open a PowerShell prompt and run the command below:


If you’ve got more than one subscription associated with your Microsoft account, select one of them using the Select-AzureRmSubscription cmdlet. To see the available subscriptions, run Get-AzureRmSubscription. I’m selecting a subscription called ‘Pay-As-You-Go’ using the command below:
Select-AzureRmSubscription –SubscriptionName Pay-As-You-Go

Create Virtual Networks

We need to create a Resource Group (RG) in which to place the virtual networks. In this example, I’m using the West US region and the RG is called Lab1.

New-AzureRmResourceGroup -Name Lab1 -Location WestUS

The first virtual network (VNet1) will have an address space of and one subnet (Sub1): The New-AzureRmVirtualNetwork cmdlet creates the new virtual network with the specified address space. Add-AzureRmVirtualNetworkSubnetConfig is used to define a subnet configuration for the virtual network, and then Set-AzureRmVirtualNetwork is used to apply the subnet configuration to the virtual network.

Create an Azure virtual network (Image Credit: Russell Smith)
Create an Azure virtual network (Image Credit: Russell Smith)

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName Lab1 -Name VNet1 -AddressPrefix -Location WestUS 
Add-AzureRmVirtualNetworkSubnetConfig -Name Sub1 -VirtualNetwork $vnet -AddressPrefix 
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

We’ll just change a few details to create the second virtual network, specifying a different address space (
$vnet = New-AzureRmVirtualNetwork -ResourceGroupName Lab1 -Name VNet2 -AddressPrefix -Location WestUS 
Add-AzureRmVirtualNetworkSubnetConfig -Name Sub1 -VirtualNetwork $vnet -AddressPrefix 
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

Link the Networks Using VNet Peering

Now that we have two virtual networks in place, all we need to do is create an object for each virtual network, and use the Add-AzureRmVirtualNetworkPeering cmdlet to create a link from VNet1 to VNet2 (LinkToVNet2), and vice versa from VNet2 to VNet1 (LinkToVNet1).

$vnet1 = Get-AzureRmVirtualNetwork -ResourceGroupName Lab1 -Name VNet1 
$vnet2 = Get-AzureRmVirtualNetwork -ResourceGroupName Lab1 -Name VNet2
Add-AzureRmVirtualNetworkPeering -Name LinkToVNet2 -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id 
Add-AzureRmVirtualNetworkPeering -Name LinkToVNet1 -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id


Link two Azure VNets using peering (Image Credit: Russell Smith)
Link two Azure VNets using peering (Image Credit: Russell Smith)

To change the link options, use Set-AzureRmVirtualNetworkPeering as shown below. Here, I’ll allow forwarded traffic on LinktoVNet2:

$LinktoVNet2 = Get-AzureRmVirtualNetworkPeering -VirtualNetworkName VNet1 -ResourceGroupName Lab1 -Name LinkToVNet2 
$LinktoVNet2.AllowForwardedTraffic = $true 
Set-AzureRmVirtualNetworkPeering -VirtualNetworkPeering $LinktoVNet2

You can retrieve information about a link at any time using the Get-AzureRmVirtualNetworkPeering cmdlet:
Get-AzureRmVirtualNetworkPeering -VirtualNetworkName VNet1 -ResourceGroupName Lab1 -Name LinkToVNet2

Remove VNet Peering

Finally, if you want to remove the links, use the Remove-AzureRmVirtualNetworkPeering cmdlet. Microsoft recommends removing both links that join virtual networks before creating new ones.

Remove-AzureRmVirtualNetworkPeering -ResourceGroupName Lab1 -VirtualNetworkName VNet1 -Name LinkToVNet2 
Remove-AzureRmVirtualNetworkPeering -ResourceGroupName Lab1 -VirtualNetworkName VNet2 -Name LinkToVNet1


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: