Lab: Create a VNet-to-VNet virtual network ...............................................................................................

2
Lab: Creating a Point to Site VPN on Microsoft Azure .............................................................................. 11

Lab: Create a VNet-to-VNet virtual network

Lab: Create a VNet-to-VNet virtual network

Task 1: Create a Virtual Network

1. Go to portal, click New > Networking > Virtual Network

2. Select Resource Manager as a deployment model and click Create

Lab: Create a VNet-to-VNet virtual network

3. Specify VNET and Subnet name. Keep Address range default. Select Create new in
Resource group and give a unique name, click Create

4. Once VNET is created, navigate to VNET. You will be able to see properties of VNET. In
VNET, click All Settings

Lab: Create a VNet-to-VNet virtual network

5. In the Settings blade of VNET, click Subnets

6. In Subnets section, click Gateway subnets

7. Keep Address range section as default and click OK.

Lab: Create a VNet-to-VNet virtual network

8. In Subnets section, you can see GatewaySubnet is created

9. Assign public IP. Click New, write Public IP address and search for it

10. Following window will open, click Public IP address

Lab: Create a VNet-to-VNet virtual network

11. In Public IP address. Give name of IP address, use existing Resource group for the IP
address, click Create

12. IP address has been created

13. Now, we have to create network gateway. Navigate to New>See all> Everything. Write
Virtual network gateway and select Virtual network gateway from the list

Lab: Create a VNet-to-VNet virtual network

14. Give Name of virtual network gateway. For Virtual Network, select AlexVNET1 which you
had created in above steps. Select Public IP address created and click Create

Follow the 1 to 14 steps to create second VNET, Public IP address and Virtual Network
Gateway.

Lab: Create a VNet-to-VNet virtual network

Task 2: Creating connection between to VNETs.

1. To create connection, navigate to New > Search for Connection as shown below and click
Connection

2. Select connection type Vnet-to-Vnet. As a Resource group, use existing resource group
Alex1. Location will be automatically fill up. After that click Ok.

Lab: Create a VNet-to-VNet virtual network

3. Specify Virtual network gateway of both VNETs. Select Xander and Xander2 respectively for
Shared key (write it manually) for the connection, click OK

4. In the summary, details of the connection, resource group, virtual network gateways and
shared key has been display. After verifying, click OK

Lab: Create a VNet-to-VNet virtual network

5. As displayed below, connection is established. The status of two virtual network gateway
Xander2-to-Xander is Connected. You can also observe that some amount of Data
transferred between these to VNETs

6. Same scenario can also see in the other virtual network gateway Xander-to-Xander2. The
connection is established and data has been transferred between the VNETs.

10

Lab: Creating a Pint to Site VPN on Microsoft Azure

Lab: Creating a Point to Site VPN on Microsoft Azure

1. Login to Azure Resource Manager Portal
Login-AzureRmAccount
2. In this configuration, the following PowerShell variables are declared with the values
that you want to use. The declared values will be used in the sample scripts. Declare the
values that you want to use. Use the sample below, substituting the values for your own
when necessary
$VNetName = "TestVNet"
$FESubName = "FrontEnd"
$BESubName = "Backend"
$GWSubName = "GatewaySubnet"
$VNetPrefix1 = "192.168.0.0/16"
$VNetPrefix2 = "10.254.0.0/16"
$FESubPrefix = "192.168.1.0/24"
$BESubPrefix = "10.254.1.0/24"
$GWSubPrefix = "192.168.200.0/26"
$VPNClientAddressPool = "172.16.201.0/24"
$RG = "TestRG"
$Location = "East US"
$DNS = "8.8.8.8"
$GWName = "GW"
$GWIPName = "GWIP"
$GWIPconfName = "gwipconf"
$P2SRootCertName = "alexrom.cer"

11

Lab: Creating a Pint to Site VPN on Microsoft Azure

3. Create a new Resource group

New-AzureRmResourceGroup -Name $RG -Location $Location

4. Create the subnet configurations for the virtual network, naming

them FrontEnd, BackEnd, and GatewaySubnet. Note that these prefixes must be part of
the VNet address space declared above
$fesub = New-AzureRmVirtualNetworkSubnetConfig -Name $FESubName -AddressPrefix
$FESubPrefix
$besub = New-AzureRmVirtualNetworkSubnetConfig -Name $BESubName AddressPrefix $BESubPrefix
$gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName AddressPrefix $GWSubPrefix

12

Lab: Creating a Pint to Site VPN on Microsoft Azure

5. Create the Virtual network. Note that the DNS server specified should be a DNS server
that can resolve the names for the resources you are connecting to. For this example,
we used a Public IP address, but you will want to put in your own values here.
New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location
$Location -AddressPrefix $VNetPrefix1,$VNetPrefix2 -Subnet $fesub, $besub, $gwsub DnsServer $DNS

6. Specify the variables for the Virtual network you just created
$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" VirtualNetwork $vnet

13

Lab: Creating a Pint to Site VPN on Microsoft Azure

7. Request a dynamically assigned Public IP address. This IP address is necessary for the
Gateway to work properly. You will later connect the gateway to the Gateway IP
configuration
$pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG Location $Location -AllocationMethod Dynamic
$ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName Subnet $subnet -PublicIpAddress $pip

8. Add a trusted Certificate to Azure

9. From a computer running Windows 10, download and install the Windows Software
Development Kit (SDK) for Windows 10
10. After installation, you can find the makecert.exe utility under this path: C:\Program
Files (x86)\Windows Kits\10\bin<arch>
C:\Program Files (x86)\Windows Kits\10\bin\x64\makecert.exe
11. Start command prompt as Administrator, navigate to one of the location above and run
the command below:
makecert.exe -n "CN=alexrom" -pe -sky exchange -m 96 -ss My -in "alexrom.cer" -is my
-a sha1
The name of the certificate, in this case it is alexrom

12. To get the Public key, export the certificate as a Base64-encoded X.509 (.CER) file. Make
note of the file path where you exported to .cer file. Below is a sample of obtaining the
Base64 string representation of your certificate. You'll need to use your own .cer file
path for this step.
$filePathForCert = "pasteYourCerFilePathHere"
$cert = new-object
System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)
$CertBase64 = [system.convert]::ToBase64String($cert.RawData)
$p2srootcert = New-AzureRmVpnClientRootCertificate -Name $P2SRootCertName PublicCertData $CertBase64
14

Lab: Creating a Pint to Site VPN on Microsoft Azure

13. Create the virtual network gateway for your VNet. The -GatewayType must be Vpn and
the-VpnType must be RouteBased

14. Download the VPN client configuration package. In this step, use the following example
to download the client configuration package. The PowerShell cmdlet will return a URL
link. Copy-paste the link that is returned to a web browser to download the package to
your computer. Below is an example of what the returned URL will look like
Get-AzureRmVpnClientPackage -ResourceGroupName $RG `
-VirtualNetworkGatewayName $GWName -ProcessorArchitecture x84

15. Generate and install the client certificates (*.pfx) created from the root certificate on
the client computers
16. Next step is to export this and install it on the client that will access the virtual network

15

Lab: Creating a Pint to Site VPN on Microsoft Azure

17. Click Start > Run and type certmgr.msc. Expand Personal > Certificates > Select the
RootCertificateName > All Tasks > Export

18. In the Certificate Export Wizard, click Next

19. Select Yes, export the Private key and click Next
Make sure .PFX format is selected and there is a check next to Include all certificates in the
certification path if possible. Click Next

16

Lab: Creating a Pint to Site VPN on Microsoft Azure

20. Set a Password

21. Enter a name for the export file. Make sure to set the path (default is
C:\Windows\System32)

17

Lab: Creating a Pint to Site VPN on Microsoft Azure

22. Review and click finish

23. Go to Control Panel\Network and Internet\Network Connections, you should see the
VPN connection listed with the same name as the virtual network. Click on Connect

18

Lab: Creating a Pint to Site VPN on Microsoft Azure

24. Click Connect

25. Click on Continue

26. To verify that your VPN connection is active, open an elevated command prompt, and
runipconfig/all

19