Lab: Creating a Point to Site VPN on Microsoft Azure
3. Specify the VNET and subnet names. Keep the default address range. Under Resource group,
select Create new and give it a unique name, then click Create
4. Once the VNET is created, navigate to it. You will be able to see the properties of the VNET. In
the VNET, click All Settings
9. Assign a public IP. Click New, type Public IP address and search for it
11. In Public IP address, give the IP address a name, use the existing Resource group for the IP
address, and click Create
13. Now we have to create a virtual network gateway. Navigate to New > See all > Everything. Type
Virtual network gateway and select Virtual network gateway from the list
14. Give the virtual network gateway a name. For Virtual Network, select AlexVNET1, which you
created in the steps above. Select the Public IP address you created and click Create
Repeat steps 1 to 14 to create the second VNET, Public IP address and Virtual Network
Gateway.
2. Select the connection type Vnet-to-Vnet. As the Resource group, use the existing resource group
Alex1. The Location will be filled in automatically. After that, click OK.
3. Specify the virtual network gateways of both VNETs. Select Xander and Xander2 respectively for
the two gateways, enter the Shared key (write it manually) for the connection, and click OK
4. In the summary, the details of the connection, resource group, virtual network gateways and
shared key are displayed. After verifying them, click OK
5. As displayed below, the connection is established. The status of the virtual network gateway
connection Xander2-to-Xander is Connected. You can also observe that some amount of data has been
transferred between these two VNETs
6. The same can be seen in the other virtual network gateway connection, Xander-to-Xander2. The
connection is established and data has been transferred between the VNETs.
5. Create the Virtual network. Note that the DNS server specified should be a DNS server
that can resolve the names for the resources you are connecting to. For this example,
we used a Public IP address, but you will want to put in your own values here.
New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Location `
-AddressPrefix $VNetPrefix1,$VNetPrefix2 -Subnet $fesub, $besub, $gwsub -DnsServer $DNS
6. Specify the variables for the Virtual network you just created
$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
7. Request a dynamically assigned Public IP address. This IP address is necessary for the
Gateway to work properly. You will later connect the gateway to the Gateway IP
configuration
$pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic
$ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip
12. To get the Public key, export the certificate as a Base64-encoded X.509 (.CER) file. Make
note of the file path where you exported to .cer file. Below is a sample of obtaining the
Base64 string representation of your certificate. You'll need to use your own .cer file
path for this step.
$filePathForCert = "pasteYourCerFilePathHere"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)
$CertBase64 = [System.Convert]::ToBase64String($cert.RawData)
$p2srootcert = New-AzureRmVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $CertBase64
13. Create the virtual network gateway for your VNet. The -GatewayType must be Vpn and
the -VpnType must be RouteBased
14. Download the VPN client configuration package. In this step, use the following example
to download the client configuration package. The PowerShell cmdlet will return a URL
link. Copy-paste the link that is returned to a web browser to download the package to
your computer. Below is an example of what the returned URL will look like
# Valid -ProcessorArchitecture values are Amd64 (64-bit clients) and X86 (32-bit clients)
Get-AzureRmVpnClientPackage -ResourceGroupName $RG `
-VirtualNetworkGatewayName $GWName -ProcessorArchitecture Amd64
15. Generate and install the client certificates (*.pfx) created from the root certificate on
the client computers
16. Next step is to export this and install it on the client that will access the virtual network
17. Click Start > Run and type certmgr.msc. Expand Personal > Certificates > Select the
RootCertificateName > All Tasks > Export
21. Enter a name for the export file. Make sure to set the path (default is
C:\Windows\System32)
23. Go to Control Panel\Network and Internet\Network Connections, you should see the
VPN connection listed with the same name as the virtual network. Click on Connect
26. To verify that your VPN connection is active, open an elevated command prompt, and
run ipconfig /all
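
The following is an added example, not part of the original lab: a pre-upload check for the .cer file exported in step 12, run before New-AzureRmVpnClientRootCertificate. The function name Test-P2SRootCert and the 30-day threshold are assumptions made for illustration; the Subject/Issuer comparison is only a heuristic for "self-signed".

```powershell
# Added example: sanity-check the exported P2S root certificate before upload.
# Test-P2SRootCert is a hypothetical helper name, not an Azure cmdlet.
function Test-P2SRootCert {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$MinDaysValid = 30   # assumed threshold; adjust to your policy
    )
    $problems = @()

    # The gateway only needs the public certificate. A private key here
    # usually means a .pfx was loaded instead of the .cer export.
    if ($Cert.HasPrivateKey) {
        $problems += 'Private key is attached; export as .cer without the private key.'
    }
    # The upload expects the root, not a client certificate issued from it.
    # Heuristic: a self-signed root has identical Subject and Issuer.
    if ($Cert.Subject -ne $Cert.Issuer) {
        $problems += "Not self-signed (issuer: $($Cert.Issuer)); this may be a client certificate."
    }
    # Validity window: clients chained to an expired root cannot connect.
    $now = Get-Date
    if ($now -lt $Cert.NotBefore) {
        $problems += "Not valid until $($Cert.NotBefore)."
    }
    if ($Cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
        $problems += "Expires $($Cert.NotAfter), within $MinDaysValid days."
    }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Ok         = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

$filePathForCert = "pasteYourCerFilePathHere"   # same placeholder as step 12
if (Test-Path -LiteralPath $filePathForCert) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)
    $result = Test-P2SRootCert -Cert $cert
    $result | Format-List
    # Only produce the Base64 string used in step 12 when every check passed.
    if ($result.Ok) { $CertBase64 = [System.Convert]::ToBase64String($cert.RawData) }
} else {
    Write-Warning "Certificate file not found: $filePathForCert"
}
```

Record the reported thumbprint next to the gateway configuration so the root uploaded to Azure can later be matched against the certificate held in the local store.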