Configure Point-to-Site Connection

 Configure Point-to-Site Connection



Next step of this configuration is to configure the point-to-site connection. In here we will define client ip address pool as well. It is for VPN clients.

 

  • Click on newly created VPN gateway connection.
  • Then in new window click on Point-to-site configuration

p2s17.jpg

 

  • After that, click on Configure Now

p2s18.jpg

 

  • In new window type IP address range for VPN address pool. In this demo I will be using 172.16.25.0/24. For tunnel type use both SSTP & IKEv2. Linux and other mobile clients by default use IKEv2 to connect. Windows also use IKEv2 first and then try SSTP. For authentication type use Azure Certificates.

 p2s19.jpg

 

  • In same window there is place to define root certificate. Under root certificate name type the cert name and under public certificate data, paste the root certificate data ( you can open cert in notepad to get data).

p2s20.jpg

p2s21.jpg

 

  • Then click on Save to complete the process.

 p2s22.jpg 

Note : when you paste certificate data, do not copy -----BEGIN CERTIFICATE----- & -----END CERTIFICATE----- text.

 

Testing VPN connection

 

Now we have finished with configuration. As next step, we need to test the connection. To do that log in to the same pc where we generate certificates. If you going to use different PC, first you need to import root cert & client certificate we exported.

 

  • Log in to Azure portal from machine and go to VPN gateway config page.
  • In that page, click on Point-to-site configuration
  • After that, click on Download VPN client

 p2s23.jpg

 

  • Then double click on the VPN client setup. In my case I am using 64bit vpn client.

 p2s24.jpg

 

  • After that, we can see new connection under windows 10 VPN page.

p2s25.jpg

 

  • Click on connect to VPN. Then it will open up this new window. Click on Connect in there.

p2s26.jpg

 

  • Then run ip config to verify ip allocation from VPN address pool.

p2s27.jpg

 

  • In VPN gateway page also, I can see one connection is made.

p2s28.jpg

 

  • I have a server setup under new virtual network we created. This server only has private ip and its 192.168.100.4

p2s29.jpg

 

  • As expected, I can RDP to this via VPN.

p2s30.jpg

Comments

Post a Comment

Popular posts from this blog

Create a Public Load balancer

Image
Sign in to Azure Sign in to the Azure portal at   https://portal.azure.com . Create the virtual network: In this section, you'll create a virtual network and subnet. In the search box at the top of the portal, enter  Virtual network . Select  Virtual Networks  in the search results. In  Virtual networks , select  + Create . In  Create virtual network , enter or select this information in the  Basics  tab: TABLE 1 Setting Value Project Details Subscription Select your Azure subscription Resource Group Select  Create new . In  Name  enter  CreatePubLBQS-rg . Select  OK . Instance details Name Enter  myVNet Region Select  (Europe) West Europe Select the  IP Addresses  tab or select the  Next: IP Addresses  button at the bottom of the page. In the  IP Addresses  tab, enter this information: TABLE 2 Setting Value IPv4 address space Enter  10.1.0.0/16 Under  Subnet name , select the word  default . In  Edit subnet , enter this information: TABLE 3 Setting Value Subnet name Enter  myBacke
Read more

How do I Create an Azure Storage Account?

How do I create an Azure Storage Account​? This is step-by-step instruction to create an Azure Storage Account using the legacy Azure Portal: ​Visit  https://manage.windowsazure.com Go to  Storage .​ Click  New . Select  Storage  >  Quick Create . ​​Choose a URL for the storage. ​​Select the location of the storage. In the Replication field, select  Geo-Redundant . Click  ​ Create Storage Account . Now the storage account appears in the storage list. ​​​This is step-by-step instruction to create an Azure Storage Account using the new Azure Portal: ​Visit ​ https://portal.az​ure.com​ Click  New .​ Select  Storage  >  Storage account . Enter a name for your storage account.​ Choose  Resource manager​  for the Deployment model. Choose  Blob storage  for the Account kind.​​ Note:  If you are using the v2 endpoint for a document migration, you need to select  STORAGEV2 (general purpose v2). In the Replicatio n field,  select  Read-access geo-redundant storage (RA-GRS) . Select the sub
Read more