Azure Start Point | Point-to-Site VPN

  Posted by Pantelis Apostolidis , in Azure 13 June 2018 · 8 views

<h1>Azure Start Point | Point-to-Site VPN</h1>
<p>In this post series we will go through some basic steps on how to start with Microsoft Azure. In this post we will see how to create a Point-to-Site VPN connection with Azure.</p>
<p>If you don’t have an Azure Subscription, you can easily create a free trial by just going to <a href="https://azure.micros...om/en-us/free/"data-slimstat="5">https://azure.micros...s/free/</a></p>
<p>Create a typical Virtual Network.</p>
<p id="avTzoLL"><img class="alignnone size-full wp-image-1908 " src="https://www.e-aposto...0228473455.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b20228473455.png 308w, https://www.e-aposto...455-140x300.png 140w" sizes="(max-width: 308px) 100vw, 308px" /></p>
<p>A Point-to-Site VPN connection needs a Virtual Network Gateway. Go to the Virtual Network, open Subnets and add a Gateway Subnet.</p>
<p id="kiLVuPr"><img class="alignnone size-full wp-image-1910 " src="https://www.e-aposto...024343b509.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b2024343b509.png 505w, https://www.e-aposto...509-300x278.png 300w" sizes="(max-width: 505px) 100vw, 505px" /></p>
<p>Finally we can add the Virtual Network Gateway. From the portal, create a Virtual Network Gateway resource and add it to the previously created Virtual Network.</p>
<p id="JUsPPae"><img class="alignnone size-full wp-image-1911 " src="https://www.e-aposto...0263f8acee.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b20263f8acee.png 313w, https://www.e-aposto...cee-140x300.png 140w" sizes="(max-width: 313px) 100vw, 313px" /></p>
<p>The Virtual Network Gateway can take up to 45 minutes to be created.</p>
<p>Once the Virtual Network Gateway is created we need one more step: to configure Point-to-Site. Open the Virtual Network Gateway and press Configure.</p>
<p id="YPfWjDz"><img class="alignnone size-full wp-image-1913 " src="https://www.e-aposto...02dc90828b.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b202dc90828b.png 599w, https://www.e-aposto...28b-300x238.png 300w" sizes="(max-width: 599px) 100vw, 599px" /></p>
<p>We will need a root and a client self-signed certificate to complete the setup. Using a Windows 10 or Windows Server 2016 machine we can make use of the New-SelfSignedCertificate cmdlet, which makes the process easy. The whole process is described here: <a href="https://docs.microso...to-site">https://docs.microso...to-site</a></p>
<p>For the root certificate run the PowerShell below using ISE:</p><pre class="crayon-plain-tag"># Self-signed root certificate; $cert is reused below as the signer of the client certificate.
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=prodevrootcert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign</pre><p>For the client certificate run the PowerShell below using ISE, in the same session:</p><pre class="crayon-plain-tag"># "prodevclientcert" is an example name. -Signer $cert issues the certificate from the root,
# and the text extension adds the Client Authentication EKU.
New-SelfSignedCertificate -Type Custom -DnsName prodevclientcert -KeySpec Signature `
-Subject "CN=prodevclientcert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")</pre><p>Export the root certificate public key in cer format using MMC: open the Certificates snap-in and select “current user”. Find the root certificate under Personal –&gt; Certificates, then right click –&gt; All Tasks –&gt; Export.</p>
<p id="PSEWgMk"><img class="alignnone size-full wp-image-1919 " src="https://www.e-aposto...031ed7aa91.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b2031ed7aa91.png 679w, https://www.e-aposto...a91-300x202.png 300w, https://www.e-aposto...a91-600x405.png 600w, https://www.e-aposto...aa91-120x80.png 120w" sizes="(max-width: 679px) 100vw, 679px" /></p>
<p>Select “not export the private key” and use the Base64 encoded format.</p>
<p id="bVAgGyk"><img class="alignnone size-full wp-image-1920 " src="https://www.e-aposto...03288e15e1.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b203288e15e1.png 457w, https://www.e-aposto...5e1-300x127.png 300w" sizes="(max-width: 457px) 100vw, 457px" /></p>
<p>Export the client certificate by selecting “export the private key”, then select “include all certificates in the certification path” and “enable certificate privacy”. Add a password and export it to a pfx file.</p>
<p id="mVaxzmv"><img class="alignnone size-full wp-image-1921 " src="https://www.e-aposto...032f2672e2.png"alt="" /></p>
<p>This pfx file must be installed on all the client computers that will use this Point-to-Site connection.</p>
<p>Now let's go back to the Point-to-Site configuration page. Add an address pool that the VPN clients will use. This subnet must be different from the Virtual Network address space.</p>
<p id="MDRVWDz"><img class="alignnone size-full wp-image-1922 " src="https://www.e-aposto...033859cca7.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b2033859cca7.png 905w, https://www.e-aposto...ca7-300x121.png 300w, https://www.e-aposto...ca7-768x310.png 768w, https://www.e-aposto...ca7-600x242.png 600w" sizes="(max-width: 905px) 100vw, 905px" /></p>
<p>Then open the root certificate (the cer file) using Notepad and copy the text between the Begin and End marks.</p>
<p id="YXTWkeA"><img class="alignnone size-full wp-image-1923 " src="https://www.e-aposto...033f7e32a7.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b2033f7e32a7.png 647w, https://www.e-aposto...2a7-300x204.png 300w, https://www.e-aposto...2a7-600x408.png 600w" sizes="(max-width: 647px) 100vw, 647px" /></p>
<p>Paste the certificate text into the “Root certificates” –&gt; “Public certificate data” field and add a name in the “Name” field.</p>
<p id="YKByLUE"><img class="alignnone size-full wp-image-1924 " src="https://www.e-aposto...0342cd032a.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/06/img_5b20342cd032a.png 1398w, https://www.e-aposto...032a-300x36.png 300w, https://www.e-aposto...032a-768x93.png 768w, https://www.e-aposto...2a-1024x124.png 1024w, https://www.e-aposto...032a-600x73.png 600w" sizes="(max-width: 1398px) 100vw, 1398px" /></p>
<p>Press Save and the “Download VPN Client” button will be enabled and we can download the VPN client.</p>
<p>In order to establish the VPN connection we need to install the VPN Client and the Client “pfx” certificate to the workstation.</p>
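<p>The MMC export and Notepad copy steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it checks that the client certificate chains to the root and carries the Client Authentication EKU, then writes the root's Base64 public data and the password-protected client pfx. The client subject, the output folder and the file names are assumptions.</p>

```powershell
# Added example, not from the original post. Assumed names: $clientSubject, $outDir, file names.
$rootSubject   = 'CN=prodevrootcert'      # root subject used in the post
$clientSubject = 'CN=prodevclientcert'    # assumption: replace with your client certificate subject
$outDir        = Join-Path $env:USERPROFILE 'p2s-certs'   # assumption: any private folder

$my     = Get-ChildItem 'Cert:\CurrentUser\My'
$root   = $my | Where-Object { $_.Subject -eq $rootSubject }   | Select-Object -First 1
$client = $my | Where-Object { $_.Subject -eq $clientSubject } | Select-Object -First 1
if (-not $root -or -not $client) { throw 'Root or client certificate not found in Cert:\CurrentUser\My.' }

# 1. The client certificate must chain to the root that will be uploaded to the gateway.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = 'NoCheck'                           # self-signed root has no CRL
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'  # root is not in Trusted Roots
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($client)
$top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if (-not $built -or $top.Thumbprint -ne $root.Thumbprint) {
    throw 'Client certificate does not chain to the root certificate.'
}

# 2. It must carry the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2) and a private key.
$eku = $client.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.2') {
    throw 'Client certificate lacks the Client Authentication EKU.'
}
if (-not $client.HasPrivateKey) { throw 'Client certificate has no private key to export.' }

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 3. Root: public certificate only. RawData is the DER certificate and never contains the private key.
#    The Base64 string is the text between the Begin and End marks of the .cer file.
$rootB64 = [Convert]::ToBase64String($root.RawData)
Set-Content -Path (Join-Path $outDir 'prodevrootcert.b64.txt') -Value $rootB64

# 4. Client: private key plus certification path, protected by a password that is prompted for.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the client PFX'
Export-PfxCertificate -Cert $client -FilePath (Join-Path $outDir 'prodevclientcert.pfx') `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

"Root thumbprint  : $($root.Thumbprint)"
"Client thumbprint: $($client.Thumbprint)"
```

<p>Only the client pfx is distributed to the client computers; the root certificate's private key stays on the machine that issued it.</p>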
<p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-point-to-site-vpn/">Azure Start Point | Point-to-Site VPN</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>


<a href="https://www.e-aposto...t-to-site-vpn/"class='bbc_url' rel='nofollow external'>Source</a>