How to connect an Azure ARM VNet to an ASM VNet using VNet Peering

4:25 pm in ARM, ASM, Azure, Azure virtual network, Cloud, DC, DNS, VNet peering by Wim Matthyssen

Hi all,

In this blog post I will show you how you can connect an Azure Resource Manager (ARM) virtual network (VNet) to a classic or Azure Service Manager (ASM) VNet using VNet Peering.

VNet Peering, which was made generally available (GA) on September 28th, is a mechanism that allows you to connect two VNets in the same region through the Azure backbone network as they were a single network. This means that you don’t need a VNet gateway anymore, like when you setup a VNet-to-VNet VPN connection. It will allow full connectivity between the entire address space of the peered VNets. So, for example when VNet peering is setup, all virtual machines in the peered VNets will be able to communicate with each other. If you’re interested you can read more about VNet Peering via following link:

Before we start setting things up, first some things to keep in mind:

  • VNet Peering requires that both VNets are located the same Azure region
  • The VNets must be in the same Azure Subscription (only for ARM – ASM VNet Peering)
  • The IP address space of both VNets must not overlap
  • Using your peer’s VNet gateway (UseRemoteGateways and AllowGatewayTransit settings) is not supported when peering with an ASM VNet
  • There is a small charge for data transferred between VNets using VNet Peering (inbound and outbound data transfer $ 0,01 per GB)
  • To be clear, you can find below a drawing of my ARM – ASM VNet Peering setup


After all this is said and shown, we can start

1) First of all login to the Azure portal and sign in with your Azure account

2) Select Virtual Networks


3) Select your ARM VNet (in my case AZU-Vnet-ARM)


4) Click Peerings (like you can see there is one connected device AZU-APP-01)


5) Click Add


6) In the Add Peering blade, name your link (in my case LinkToVNetASM). Under Peer details select Classic. Choose the correct Subscription and the ASM Virtual Network you want to peer with. Leave Allow virtual network access Enabled, this will allow communication between the two virtual networks. Then click OK


7) After clicking OK the peering link will be created


8) When done, the two virtual networks are peered and you will see the PEERING STATUS between the two virtual networks is in a Connected state


9) Like you can see, both VMs can ping each other. Don’t forget to allow ping through the Windows Firewall



10) After adding AZU-DC-01 ( as DNS server to the AZU-Vnet-ARM VNet, I was able to add AZU-APP-01 to the azuvlab.local domain which was created an AZU-DC-01




This concludes this blog post. If you have any questions don’t hesitate to contact me via twitter.

Wim Matthyssen (@wmatthyssen)