How to Configure Point-to-Site VPN on Azure

Point-to-Site VPN helps us connect through a secure network from a client computer to an Azure virtual network. This simply means you can connect to a compute resource using their private IP on the Azure Virtual Network. What is Point-to-Site VPN A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client’s computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet. What is a VPN Gateway A VPN gateway is a type of virtual network gateway that sends encrypted traffic between your virtual network and your on-premises location across a public connection. You can also use a VPN gateway to send traffic between virtual networks across the Azure backbone. Creating a Virtual Network Firstly, we need to create a Virtual Network Step 1: Sign in to the Azure Portal. Step 2: Search for virtual network in Azure portal. Step 3: In the search results, select virtual network right under Marketplace. Step 4: On the Virtual network page, click on Create. Step 5: Under the Basics tab, choose the Subscription you want to use for this project. Step 6: Resource group can be selected from existing resource group, or a new resource group can be created by clicking on Create new. Step 7: Enter a preferred name for the virtual network. Step 8: Choose a preferred location for the Virtual Network, by clicking on the drop-down and selecting the region you prefer, and then click on next at the bottom. Note: The location determines where the resources that you deploy to this VNet will live. For this tutorial, we will leave the Security tab with the default settings and then click on next again. We will be using the for our address space and for the subnet we will create two subnets: abcofcloudsubnet with a subnet address space of Step 9: On the IP addresses tab click on the Add an IP address space and select the Address space type radio button for IPv4. Starting address type, Address space size use the drop-down to select /16 (65536 addresses) and click the Add button. Step 10: After this has been added you can now delete the default address space. Step 11: This is the time we add our subnet, click on the plus(+) button beside Add a subnet, and on the pop-out button by the right under the Subnet details enter a preferred name, for this tutorial I will be using abcofcloudsubnet, the Starting address as and Subnet size as /24 (256 addresses) then click on the Add button. Step 12: Click on the Review + Create button to have an overview of your settings and then click Create. Let’s Create the VPN Gateway Step 1: Search for Virtual network gateway in Azure portal. Step 2: In the Search result, under Marketplace select Virtual network gateway. Step 3: Choose the subscription you want from the drop-down. Step 4: The Resource Group will be auto-filled when we select the virtual network. Step 5: Enter any preferred name for your gateway. Step 6: We will be using VPN as the Gateway type in this tutorial. Step 7: Route-based is the VPN type we will be using for this tutorial, this can be selected based on your requirement or business need. Step 8: SKU will be VpnGw2AZ for this tutorial, I will be adding some links where you can learn more about the SKU, resizing, and zone redundant. Step 9: Generation2 will be the choice for this tutorial. Step 10: Our Virtual network will be the one we created previously. Step 11. You can either create a subnet in your virtual subnet with the name Gatewaysubnet or you get the Gateway subnet address range automatically. Step 12: We will change the default Gateway subnet address range to or larger which is (/26,/25,/24, etc.)  Anything lesser will throw an error if you’re trying to deploy a zone-redundant/zonal gateway and also this allows enough IP addresses for future changes. Step 13: Public IP address is set to Create new; you can choose to use existing if you already have one created. These settings specify the public IP address object that gets associated with the VPN gateway. The public IP address is assigned to this object when the VPN gateway is created. The only time the primary Public IP address changes is when the gateway is deleted and re-created. It doesn’t change across resizing, resetting, or other internal maintenance/upgrades of your VPN gateway. Step 14: Enter a preferred name for the Public IP address name. The Assignment setting is controlled by the Public IP Address Type value. Enable active-active mode and Configure BGP will be disabled in this tutorial. Step 15: Click on Review + Create and then Create. Tags can be added based on your requirements. Once you hit the Create button, it’s time to go get a bottle of drink because I also paused and went to a bottle of drink. Also, make sure you don’t refresh the page because it can take 45 minutes or more to fully create and deploy. You will see the status of the deployment on the overview page for the gateway. Welcome from the short break, the next thing we will be doing is creating a Self-Sign root and client certificate. Creating Self-Signed Certificate Step 1: Open PowerShell with elevated privileges from a computer running Windows 10 or later, or Windows Server 2016. Step 2: Copy and paste the cmdlet below on PowerShell. This cmdlet will create a self-signed root certificate named ‘abcofcloudP2SRootCert’ that is automatically installed in ‘Certificates-Current User\Personal\Certificates’. If you want to use your preferred name modify the

How to Configure Point-to-Site VPN on Azure Read More »