Azure Start Point | Point-to-Site VPN

proximagr

In this post series we will go through some basic steps on how to start with Microsoft Azure. In this post we will see how to create a Point-to-Site VPN connection with Azure.
If you don’t have an Azure subscription, you can easily create a free trial by going to https://azure.microsoft.com/en-us/free/
Create a typical Virtual Network.
A Point-to-Site VPN connection needs a Virtual Network Gateway. Go to the Virtual Network, open Subnets and add a Gateway Subnet.
Finally we can add the Virtual Network Gateway. From the portal, create a Virtual Network Gateway resource and add it to the previously created Virtual Network.
The Virtual Network Gateway can take up to 45 minutes to be created.
Once the Virtual Network Gateway is created we need one more step: configuring Point-to-site. Open the Virtual Network Gateway and press configure.
We will need a root and a client self-signed certificate to complete the setup. Using a Windows 10 or Windows Server 2016 machine we can make use of the New-SelfSignedCertificate cmdlet, which makes the process easy. The whole process is described here: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
For the root certificate, run the PowerShell below using ISE:
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=prodevrootcert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
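For the client certificate, run the PowerShell below in the same ISE session, so that $cert still holds the root certificate that signs it (the client subject name is just an example):
New-SelfSignedCertificate -Type Custom -DnsName prodevclientcert -KeySpec Signature `
-Subject "CN=prodevclientcert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")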
Export the root certificate public key in cer format using MMC: open the Certificates snap-in and select “current user”. Find the root certificate under Personal -> Certificates, then right click -> All Tasks -> Export.
Select to “not export the private key” and use the Base64 encoded format.
Export the client certificate by selecting “export the private key”, then select “include all certificates in the certification path” and “enable certificate privacy”. Add a password and export it to a pfx file.
This pfx file must be installed on all the client computers that will use this Point-to-Site connection.
Now let’s go back to the Point-to-Site configuration page. Add an address pool that the VPN clients will use. This subnet must be different from the Virtual Network address space.
Then open the root certificate, the cer file, using Notepad and copy the text between the Begin and End marks.
Paste the certificate text into the “Root certificates” -> “Public certificate data” field and add a name in the “Name” field.
Press Save and the “Download VPN Client” button will be enabled and we can download the VPN client.
In order to establish the VPN connection we need to install the VPN client and the client “pfx” certificate on the workstation.
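The MMC export steps above can also be scripted. The PowerShell below is an added example, not part of the original post: before exporting anything it checks that the client certificate was really issued by the root and carries the Client Authentication EKU, then writes the root's public Base64 text and a password-protected client pfx. The client subject CN=prodevclientcert and the output folder are assumptions.

```powershell
# Added example. Subject names and the output folder are assumptions; adjust them.
$rootSubject   = 'CN=prodevrootcert'      # root subject used in this post
$clientSubject = 'CN=prodevclientcert'    # assumed client subject
$outDir        = Join-Path $env:TEMP 'p2s-export'   # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$store  = Get-ChildItem Cert:\CurrentUser\My
$root   = $store | Where-Object Subject -eq $rootSubject   | Select-Object -First 1
$client = $store | Where-Object Subject -eq $clientSubject | Select-Object -First 1
if (-not $root -or -not $client) {
    throw 'Root or client certificate not found in Cert:\CurrentUser\My'
}

# Sanity checks before anything is uploaded to Azure or handed to users.
if ($client.Issuer -ne $root.Subject) {
    throw "Client certificate is not issued by $rootSubject"
}
$clientAuthOid = '1.3.6.1.5.5.7.3.2'      # Client Authentication EKU
if ($client.EnhancedKeyUsageList.ObjectId -notcontains $clientAuthOid) {
    throw 'Client certificate lacks the Client Authentication EKU'
}
if (-not $client.HasPrivateKey) {
    throw 'Client certificate has no private key in this store'
}

# Root: public certificate only. RawData is the DER-encoded certificate and
# never contains the private key. The Base64 string is the same text that sits
# between the Begin and End marks of the exported cer file, on one line.
$rootB64 = [Convert]::ToBase64String($root.RawData)
Set-Content -Path (Join-Path $outDir 'prodevrootcert.b64.txt') -Value $rootB64

# Client: pfx with private key and certificate chain, protected by a password
# typed at the prompt so it does not end up in the script or shell history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $client `
    -FilePath (Join-Path $outDir 'prodevclientcert.pfx') `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

Write-Output "Root Base64 text and client pfx written to $outDir"
```

The contents of the `.b64.txt` file are what goes into the “Public certificate data” field; only the pfx leaves the machine with a private key in it.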
