Connect Virtual Networks with VNet Peering
Configure bidirectional VNet peering between two virtual networks in different Azure regions. Verify connectivity by connecting from one VM to another via SSH.
Lab overview
Few organizations run everything inside a single virtual network. Workloads get spread across regions for resilience, across subscriptions for governance, and across teams for isolation - which leaves you with islands of private address space that, by default, cannot talk to one another. Azure Virtual Network (VNet) peering is the mechanism that stitches those islands back together, letting resources in separate VNets communicate using their private IP addresses as if they shared the same network.
Peered traffic travels entirely over Microsoft's private backbone - never the public internet - giving you low latency, high bandwidth, and no need for VPN gateways or public endpoints. Two patterns exist: regional peering links VNets in the same Azure region, while global peering links VNets in different regions. Peering is also directional. A link has to be established from each VNet toward the other, and it only reports a Connected state once both sides are in place - configure just one direction and it sits in an Initiated state with no traffic flowing.
In this challenge, your organization has deployed a primary application server in East US and a backup server in West US, each in its own isolated VNet - vnet-eastus (10.0.0.0/16) and vnet-westus (10.1.0.0/16). Right now the two servers cannot reach each other. Your job is to configure global VNet peering in both directions, then prove private connectivity works by SSH-ing into vm-eastus over its public IP and hopping from there to vm-westus over its private IP.
Objectives
By completing this beginner-level challenge, you will be able to:
- Configure VNet peering between two virtual networks in different Azure regions
- Explain why peering must be established bidirectionally to reach a Connected state
- Distinguish global VNet peering from regional peering and when each applies
- Verify cross-VNet private connectivity using SSH between VMs
Success Criteria
- Peering from
vnet-eastustovnet-westusshows status Connected - Peering from
vnet-westustovnet-eastusshows status Connected - An SSH connection succeeds from
vm-eastustovm-westususing its private IP address
Prerequisites
You'll get the most out of this challenge if you're already comfortable with:
- Creating and managing Azure Virtual Networks, address spaces, and subnets
- Basic SSH connectivity
- Navigating the Azure Portal
Recommended building block: Azure Virtual Network Peering - Connect VNets for Secure Communication
Verified against your live environment
An automated validation engine inspects your actual resources and configurations as you work. Completion means the task was performed — not multiple choice, real-world proficiency.
More labs like this
Azure Virtual Network Peering - Connect VNets for Secure Communication
Learn how to configure and test virtual network peering in Azure.
Creating a Web App on Azure App Service using Azure Portal
Learn how to create, configure, and deploy a web application using Azure App Service through the Azure Portal's interface.
Creating Your First Virtual Machine in Azure Cloud
This lab guides you through creating a virtual machine in Azure Cloud, covering essential steps and best practices for a successful deployment.
Related reading
Environment
Every lab includes
- Real environment, pre-credentialed
- Automated checks on every step
- Isolated sandbox, auto cleanup
- AI-recommended next steps
Lab curriculum
- 01
Challenge Scenario - Connecting Two VNets with VNet Peering
3 automated checks
Skills validated
Not the lab you were looking for?
Browse 150+ hands-on labs across AWS, Azure, Kubernetes, Docker, and cloud security.