Azure Point to Site VPN Configuration Step by Step | VPN Gateway | Certificates

Captions
Hello everyone. In this video I'm going to show you how to create a point-to-site connection to an Azure virtual network. First I'm going to create the resources on Azure, a virtual network and a VM inside of that virtual network, and then I'm going to install IIS in that VM. After that I'm going to create a VPN gateway on Azure, and then I'm going to configure certificates so that my local machine, this laptop that I'm showing you, can access that website that I've hosted.

So before going forward, let's understand the resource VPN gateway on Azure. VPN gateways are used for transferring encrypted traffic between Azure virtual networks, or on-premise to Azure virtual networks. This virtual network gateway is composed of multiple virtual machines, and they're managed: you don't have access to those virtual machines, but underneath they are a bunch of virtual machines that route your traffic. When you deploy this into a virtual network, there is a special type of subnet called gateway subnet. You should install this virtual network gateway in that gateway subnet, because basically they are just virtual machines. And here, as you can see, there are multiple SKUs. When the SKU is higher, you'll see you can have many site-to-site or point-to-site connections and throughput is higher. And for availability, you can deploy this virtual network gateway to availability zones on Azure.

Now that we have an understanding of what we are going to do today and what VPN gateways are, let's get into a script that I have created here to create a few resources that we need on Azure. First I'm going to create this resource group, and then a virtual network, and inside of that virtual network a subnet, and a virtual machine inside of that subnet. Now let me copy these commands here and paste them here. As you can see, the resources are getting created now. All right, as you can see my virtual network and my VM are ready. To make it a little bit more interesting, let me install IIS on this virtual machine. All right, that's done.

Now it's time for me to go to my Azure portal and create the virtual network gateway. For that, let me go into this resource group that we have just created, and let me zoom out a little bit. Here you can see that we have the virtual machine and the virtual network. I'm going to create a VPN gateway; let me search for it. I'm going to name it vpn gateway1, and the region, let me put that, and the gateway type, it's VPN, not ExpressRoute. I'm going with route-based for this point-to-site connection, and SKU Basic is enough, Generation 1 is enough. Then we need to select the virtual network, and then it is asking me the gateway subnet address range, and this address range is okay for me. Basically this will deploy another subnet in this virtual network. You can create that gateway subnet if you go into the virtual network's subnets section; we have an option here to create the gateway subnet as well. So I'm going with this option here; this will create the gateway subnet. And then, since we are accessing this from the public internet, we need a public IP address. Let me call it pip. Then I'm going to create this resource, and this will usually take around half an hour to one hour to create this resource. Let me come back after this resource is ready.

All right, now our resource is ready, after like 40 minutes. Now I'm going into the resource. We have the virtual machine and the virtual network, also the virtual network gateway in place, and we are ready to connect. But for connecting to this virtual network we should have some kind of authentication, right? Because anyone can connect to it otherwise. That's why we need to configure certificate-based authentication to this virtual network gateway and our local computer.

Let me do the configuration now. I'm going into certificates, I'm going to my user certificates of this computer, and as you can see I already have one certificate here; this is not relevant for this demo. For this to work we should have two certificates: one is called root certificate and the next one is called client certificate. For generating those two certificates I have prepared this script here. This will create those two certificates: first it will create the root certificate, and then it will create the client certificate based on that root certificate. Now I'm going into PowerShell, let me zoom it in a little bit, and I'm going to paste those two scripts here. All right, now if I go into this and refresh, as you can see we have two certificates, a root certificate and a client certificate. I will be attaching this script down in the description if you want to use it.

Since we have these two certificates, the next thing that we should do is export the public IP of this root certificate to install that on my Azure VPN gateway. For that, let me right-click and I'm going to export here. I do not want to export the private key, and this should be Base64 encoded. Now let me save this; I'm going to call it root cert. All right, now I have exported the public key of that root certificate, and here as you can see we have that file that we have saved. Let me open this with Notepad. Here, as you can see, we have the Base64 representation of the certificate that we have, with the public key of this root certificate.

Now I'm going back to the Azure portal and I'm going to point-to-site configuration in that virtual network gateway. I'm going to select configure now, and then let me call it root set, whatever, and then I'm going to paste that certificate I've just copied. Then for the address pool, let me give something like this. Basically this will be the address pool that will be used for assigning IP addresses for the devices that connect to this virtual network gateway as point-to-site connections. Now I have added this root certificate; let me save this. All right, now as you can see we have this option enabled, download VPN client. Let me click on it. Saving this configuration and also downloading this will take around one minute to complete, so you should wait around one minute until this completes.

All right, now I'm going to keep that and I'm opening that file. Here we have three folders. I'm going with windows amd, and that contains an exe file, as you can see. I'm going to open it, and then I'm going to select yes, and it is asking me now whether I want to install this virtual network; remember, this is the name that I have given to my virtual network. All right, once that is done, it should go into settings of the computer and then VPN settings. Here you will see the virtual network name, and we have an option to connect. Now let me click on connect, and I'm going to select and yes. As you can see, we have successfully connected to that virtual network. Now if I go back to my resource group and then the virtual machine, if I go into the networking section, you can see the private IP address of that virtual machine. Now I can try to access it. As you can see, we can access that virtual machine from the private IP address.

There's one other thing that I should tell you, and that is we have generated these two certificates on this machine. Let's say you want to connect another computer to this virtual network: you can just export this client certificate to that machine, and then you can connect from there. Now you know how to create a point-to-site VPN connection to an Azure virtual network. If you have any questions or comments, leave them down below, and don't forget to subscribe if you learned something new today. Thanks for watching.
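
The certificate step described in the captions, as an added example (this is not the script from the video or its description): it creates a self-signed root certificate, a client certificate signed by that root, and writes the root's public certificate as Base64 for the gateway's point-to-site configuration. The subject names `P2SRootCert` and `P2SChildCert`, the validity periods and the output file name are assumptions.

```powershell
# Added example. Subject names, lifetimes and the output path are assumptions.
# Run in Windows PowerShell as the user who will connect to the VPN.

# 1. Self-signed root certificate. Its private key stays in this user's store;
#    only the public certificate is given to the VPN gateway.
$rootParams = @{
    Type              = 'Custom'
    Subject           = 'CN=P2SRootCert'          # hypothetical name
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'
    KeyUsage          = 'CertSign'
    KeyUsageProperty  = 'Sign'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(24)
    CertStoreLocation = 'Cert:\CurrentUser\My'
}
$root = New-SelfSignedCertificate @rootParams

# 2. Client certificate signed by the root. The TextExtension value sets the
#    Enhanced Key Usage to Client Authentication (1.3.6.1.5.5.7.3.2).
$clientParams = @{
    Type              = 'Custom'
    Subject           = 'CN=P2SChildCert'         # hypothetical name
    DnsName           = 'P2SChildCert'
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(18)
    CertStoreLocation = 'Cert:\CurrentUser\My'
    Signer            = $root
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
$client = New-SelfSignedCertificate @clientParams

# 3. Base64 of the root's public certificate only. RawData is the DER-encoded
#    certificate and never contains the private key.
$rootBase64 = [System.Convert]::ToBase64String($root.RawData)
$rootBase64 | Set-Content -Path .\P2SRootCert.b64.txt

# 4. Check that the client certificate was issued by the new root.
if ($client.Issuer -ne $root.Subject) { throw 'Client certificate is not signed by the root.' }
"Root thumbprint:   $($root.Thumbprint)"
"Client thumbprint: $($client.Thumbprint)"
```

Issuing a separate client certificate per device from the same root, rather than copying one client certificate between machines, lets a single device be revoked on the gateway by its thumbprint without affecting the others.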
Info
Channel: Meet Kamal Today - Cloud Mastery
Views: 515
Keywords: azure point to site vpn, azure point to site vpn setup, azure point to site vpn client, point to site vpn azure, azure vpn gateway, azure vpn gateway setup, azure vpn gateway configuration, azure vpn gateway point to site
Id: j-dd_5Qh2L4
Length: 9min 57sec (597 seconds)
Published: Mon Oct 25 2021