Cloud with Hammad | Microsoft Azure Point To Site VPN | Azure P2S VPN configuration step by step

Captions
[Music] Hello everyone, Hammad here. Welcome to my channel, Cloud with Hammad: DIY cloud learning to inspire. For today, in our cloud series, I will be deploying a point-to-site VPN in Azure. During the process I will create a network, and create and configure a VPN gateway. After that I will configure the Azure VPN software on the local host, or on-prem machine. Then we'll create some root certificate to authenticate, and then lastly we'll create an IIS VM using PowerShell to test our connectivity from our on-prem site to the cloud network. But before we get into our lab, if you are new to my channel, please subscribe, like and share with friends. I would really appreciate it. Now, without further delay, let's go to our notes.

All right guys, so on my whiteboard you can see that this diagram actually explains a little bit more: that we will create a network, we'll configure our VPN gateway, and then we'll also set up a local machine, you can say on-prem, or my machine at the local site where I am. So what we'll do is we'll install some VPN software here after configuring this, and we'll make sure we generate some certs to ensure that, you know, the cert matches the gateway here so that it can authenticate. Once that is done, we will actually VPN into our cloud, and then I will install a machine, an IIS machine, up here in the cloud, and will remote into that machine to see the connectivity. Also, we'll try to remove the IP address, like make it a private IP, and VPN in. So over here, same thing: resource group, virtual network, subnet and whatnot, gateway; we'll either install Ubuntu or IIS, depends what it is; we'll configure the point-to-site connection; and then we'll download and install the VPN connection software and test the connection. So now, without further delay, let's get into our lab.

All right guys, I'm logged into my portal here with my user tenant. And then the documents, I would say: there is a document from Microsoft on how to configure point-to-site VPN. Just google it; it will bring you to the
same location on how to configure it. These are the steps that I'm going to follow here. In here there is this page, actually, on how to generate root certificates. I will actually leave a link on the GitHub as well, but, you know, this is a place where you'll create certificates as well.

So let's create a resource group first. Once we get here we'll create a resource group. I'll give it a new subscription, let's use mine, and then I would say point-to-site VPN. You can do, I'll do West US because that's closest to where I am, and I would suggest you use the closest location so that it is easier for you to work. Click Next and then Create. Once the resource group is created, we will create a virtual network. So for the virtual network we'll come here; either you can type in "virtual network" or you can select it from here. Once I get to virtual network, you will add a virtual network over here. We will give the name; resource group, we'll select this resource group; name of the virtual network, point-to-site-vnet; and then obviously it's in West US, which is where my network is. Address space, or a CIDR block, we can leave the way it is, for 10.16; subnet, we will default it to 1024.
Security: we will disable the bastion host, the denial attack, the firewall, where we don't need it right now. No tagging, and then we'll just create the network. OK, the network is deploying. The next thing we'll do is create another subnet just for the gateway. So just like bastion hosts, virtual network gateways should also have their own subnet. So once this is deployed we'll actually go in here and we'll click on Subnets. Once we come up here you can see there's a default one we created. Up here you see Gateway subnet, so you will click on Gateway subnet. It will pick up, like, a CIDR block; well, it's going to pick up the subnet IP range, and then you don't have to worry about NAT gateway or anything like that. Click Save and it will create a subnet. So what's going to happen is, when we create the virtual network gateway, it will pick up this subnet from our network. So just like bastion host, firewall, all of them have to be deployed in a different subnet. So I was just thinking that, you know, we should have just left it at 29; we don't need 251 space for the gateway subnet. But it's OK, this is a lab; but I would suggest 10.0.1.0/28, /29 or /27 would be a better approach. Even the document reference does that too.

Anyway, we come here; we created two subnets. Now we'll go to virtual network gateway. It takes a good 10 minutes to create a virtual network gateway, so let's create this first. Once we get here, so this is the Basics; this is selected; virtual network gateway; to get your resource group, it's asking us to select the p2s-vnet that we created. We will do that in a second. Here we'll give it a name of p2s [Music] vnet gw gateway, and then it's in West because that's where our resources are. Make sure the gateway type is VPN, not ExpressRoute; route-based, not policy-based. Generation, SKU: since this is a lab I'll just do GW1; you can have GW2 as well. These are SKUs; documentations
are here; you can just go through here and it will tell you what the SKUs are. Virtual network: obviously we selected West US, so we have a p2s-vnet here; we'll use that. If you see up here, it says gateway subnet; it already picked up the one that we created separately. A public IP: for the gateway network to have an IP we need to create an IP, so I would say point-to-site-pip. And then assignment, we just leave it Dynamic. Enable active routing: active routing is basically mostly SKUs with multiple or sub gateways, so it's for high performance, or I would say high availability, you use this. We're not doing BGP so we're just going to leave it like that. Click Next, Next, and then we'll hit Create.

OK, so it's going to take a good five minutes to deploy this machine. In the meantime, what we'll do is we'll also configure IIS through PowerShell. For that, I'm going to pull up my PowerShell; I'm going to bring the screen here. I already have created a script for PowerShell. First we want to make sure that we have logged in to my tenant. So this basically says Connect-AzAccount; this is a PowerShell command, and this is the tenant ID, which is what my tenant is, and subscription, which is my subscription. I think my subscription is a different subscription, so hold on for a second, let me go and grab my number from Subscriptions. The subscription is changing monthly, so, you know, no point having to save it. So we're using this subscription, so I'm just going to copy, not that one, and we'll copy the subscription, and then we'll go back to here; we'll change this. So it's saying, hey, you know, connect to this tenant ID and this subscription. So I'm going to select this; we'll go slowly and I'll explain to you as well. So click here, click Next; it's going to pop up the box asking me to add my ID and password. I'm just going to select this because I already have my ID and password saved. Now it shows that, hey, it logged me
in to Pay-As-You-Go Dev/Test, which is not what I want. So I would just say az disconnect; I think it is Disconnect. Just, happening at the back end, the virtual network gateway is happening, so just be patient with that. Let's do this; I'm going to use this command and I'll hit this. It logged me out. So once again I'm just going to go back here; just want to make sure that I'm using the right subscription, which I am. So for some reason this is my subscription. I'll go back. All right, so now it's logged me in to MSDN. That's it, so that's good.

Next thing is we need to define our resource group, where we want to create our VM, the location, and the name of the VM. I think, so if I go back here, we'll just click on Resource groups. So we want to make sure that, the VM you can create anywhere if you want, but I think what we're doing is, p2s-vpn is my resource group, so I'll copy this. OK, p2s-rg; it will pick up our West US; name of the machine is IISVM, that's good. This one we're going to just do, a variable set here; these variables are in the system now. $cred is where we're going to put in the password of the virtual machine, so this is like the credential. Right now if I do $cred it won't show anything, right, testadmin; but if I do the whole thing, $cred, it's going to ask me what do you want to keep the name of the machine, so we'll just do testadmin and then password; click OK. And the password. Resource group we already have defined. So this one actually says, hey, create a new Azure resource group, name, resource group, which is this one, and then location, so location West US. So once I do that it's going to say, hey, you know what, the resource is already there, do you want to... well, it created it. So if I go here, it created a resource group up there. While the deployment's still happening for our VPN gateway, I'm just going to click here for a second and then we get to our resource group, and then when I get here, if you see it, it is
creating; it will create. So once that is done, over here we will say, hey, create a New-AzVM: resource group, which we already have as a variable; name of that VM, which we already have given; and then location, which is West US; what version of the image, Windows 2016 Datacenter; virtual network, I would say point-to-site-vnet, I think that was our virtual network. If I say point-to-site vnet there, that's the one. And then name of the subnet, you can say my subnet; security group is the same; public IP; and then credential, use the credential that I set up here; and then port 80 is open for that. So let's select this one and then hit this, and it's going to go ahead and create the VM there. So you can see: creating Azure resources, public IP address. This is using PowerShell; I mean, you can do it through the portal as well, but, you know, working in PowerShell and a little portal, this is much better, faster, because we're doing something else. All right, so it's going to take a few minutes.

All right, so it created it with the specification we gave: resource group p2s-rg, and then VM, name of the machine, VM ID, and, you know, it succeeded. Next step is to install IIS on that machine. So click up here and I would select all the way here. First, public settings: this is to execute the Windows feature web server. So I would select this one, and then I would select the command, this VM extension for installing IIS. So the VM extension is: name; resource group, the one we defined; VM, we already have set it up; and it says Microsoft.Compute publisher, and then custom extension, this is the custom extension; and public settings and location we already have defined. And we'll just hit this and it's going to go ahead and install IIS on the website. While this happens we're just going to minimize this; this is going to take time. We'll go back here and then we'll see how our virtual network gateway is taking place. So it takes a good... so if I click here you can see how long it's
going to... it usually takes five or ten minutes. So it's right now deploying; it did deploy the public IP, now it is working on the virtual gateway. So I would click up here; you can download the settings and it will give you the script. So it's taking time. So once we get here and once this is deployed, this is all going to show up. We don't need that; see, if we hit JSON it's going to download the JSON file from that deployment. OK, for now we're just going to wait till the gateway gets deployed, and obviously the VM is also installing.

All right guys, one thing I was checking: I believe I gave the wrong resource group name, so that's why it created its own resource group. So if I minimize this to show you what I'm talking about, and I come here; I believe when I was working on PowerShell I gave p2s-rg, so we should have given p2s-vpn. If I look up here, there is a VM created using PowerShell. So the script runs just fine except for the resource variable that we gave, so you can see it's OK. So to verify IIS is working, if I go into this resource group, all I have to do is locate the VM and look for the IP, and once I have the IP I'm just going to put it in the browser to see if IIS is running or not. So copy this IP, click here, and I would just put it in here; this should bring up the IIS server for us. So, you know, you don't have to log in, you don't have to go in and install the user role; you just do it here. So anyway, I need IIS to be in that p2s-vpn, point-to-site-vpn, resource group. I'm going to just delete this one here while the deployment of the virtual network gateway is still happening. So I'm just going to do this quickly here. Come back here; we're already logged in. I'm going to define the resource group again; this time we're just correctly doing it like this. $cred, resource group, everything is going to be the same, next. And it says, hey, you know, provided resource group already
exists, are you sure you want to; yes. If you remember, when I was creating the other VM I said that it's going to ask you this question; this is the question it's asking. That is done, and then, same thing, I'm just going to create here. It's installing.

All right guys, so the virtual network gateway is deployed. If I click up here... actually, before we do that, let's check out the details. So first we'll go back here for a second; we'll come here and then we look at the deployment details. I don't need to download; click OK, and you can see it took a good 17 minutes 58 seconds to deploy a virtual network gateway. In the meantime, if I look at my PowerShell, the machine has already been deployed up here as well. So what we'll do is we'll also check for the machine: resource group, copy here, and then once we hit Enter, we use this key, it should show us the IP address. So, yep, IIS is installed. So you can basically install IIS through PowerShell; you don't have to log in, you don't have to install the user role and then install IIS. So this is how you would do it.

All right, so the next thing is to go into our resource group. Once we get here you can see this is our resource group. SKU, health, configuration: we'll use the default settings for configuration; generation one, SKU GW1. If we want multiple gateways we can enable or disable, and configure BGP for the connection; this is like site-to-site. Later on we'll go into Azure site-to-site as well, but now we'll come here: Point-to-site configuration, on the left-hand side in the gateway. Once that loads we need to define an address pool. So the address pool is basically, like, how many machines can connect. Click on Configure. The address pool would be, let's say my network is, if I do cmd and ipconfig, so I'm on a 192 network, and this is on a 10 network, the whole cloud, and so we'll give this 172.16.01.0/24.
So whatever machine out there, on-prem, at somebody's house, when they log in to our cloud they will use this address space, subnet; their machine should show up like that. Tunnel type: we're going to use IKEv2; we can do SSL and IKEv2, but we'll just use this one for today. Authentication type: if you want to do web authentication you can select Azure Active Directory; we'll use Azure certificate. Over here we just need to generate a root certificate as well. So for that, what we'll do is, again, we'll use PowerShell. We'll come to a command here; I showed you, you can use this, I'll leave the link as well: generating and exporting certificates for point-to-site using PowerShell. We'll get here, click up here. So we already are logged in. So this needs to be run on your machine; it can be a local machine. I will just click this and it will generate a local certificate under the name of P2SRootCert. And then we'll just use the client certificate; click here and click this and it will generate a client certificate; that is a thumbprint up here.

All right, so in order for us to find this, this is a conversion of certificates, so I would say certmgr.msc, I would think. [Music] I think cert... there you go. So click here. Once we get here we need to convert these certificates so that we can authenticate our personal machine. Get to Personal, Certificates; these are the two: one is root, one is client. So I would click on root, and I will do All Tasks, Export, and we'll export this first into a private key. Next, we'll use Base-64 encoded so that we can have that, like, thumbprint or the encryption key in a text format. We'll click Next. Where do you want to save? You can have it wherever: Downloads, you can even put it in your S3 bucket or storage blob; I'm just going to leave it on the desktop for now. I'll just say c1, as certificate one, and I will save, Next and Next, and the certificate was installed for the root machine. And then now we'll right-click on this
one... actually, let's do this first. Let's go back here; this one is installed, so I'll open it, the root, in Notepad, and then from here all the way till here I copy this, and I would go back to my portal and I would paste it up here, and I would just give it a name of cert root, I will say rootcert, and I would save it. Once that is done, it's happening; in the meantime I'll go back here and I will try to install the client authentication. So right-click here, Export; first I will export it and then I will install it. Next, I would export this into a private key, Next, and then this time it's saying Personal Information Exchange, include all certificates in the certification path if possible, Next. Password: I just gave a password. OK, click Next. I guess we'll just do it on the desktop as well; I would say cc2, client certificate 2; Save, Next, and then Finish. Once you finish this, that's it, you're done here. X out here; in the meantime minimize this, so you can see this certificate here. So I'm just going to wait for this to finish. Once that happens, all the settings are done, it's going to give us an option to download the VPN client. We'll do that in a second. I'm going to put a pause for a second and then come back.

All right, the certificate information is saved; it did show me, and then there is an option for me to download the client. I would do that in a second. Let's go back here for a second. This is the cert, that is the client certificate. I'll just right-click and I will Install PFX. Once that happens, it's asking me for store location, Local Machine or Current User; I'll just use Current User. Click Next; it is going to specify the file you want to import; I just hit Next; and then the password that I set up, click Next; and automatically select the certificate store, click Next, and Finish. It's going to ask me: you are about to install a certificate from a certification authority claiming to represent P2S root, all this detail with the thumbprint; click Yes. It
successfully... it's done. All right, let's go back here and click on Download VPN client, and I'm hoping it's going to initiate the download shortly. All right, there you go, downloaded the VPN; it's a zip file. So there you go. So I would want to extract it; you can just say Extract, Downloads; you can do another folder here, select this folder; you can create your own folder here. So that's what it is. So click here; I would go to Downloads; we'll use WindowsAmd64, and then this is the VPN client setup. So double-click on this; it's asking me, do you want to install the VPN client for p2s-vnet; we say Yes, and it's doing everything. Click Close, and I believe we have installed the software.

So I would click here and say VPN, open VPN, and now you can see there is a VPN connection already established. So I would click on this one, p2s-vnet. That means that I am using my local computer; I think we already showed the IP address here, and once we log in it should give me an IP address of 172 because that's the address pool I've defined. So click Connect; it's going to pop up with this, and it says, you know, you're logging into Microsoft Windows Azure network, and click Connect. I would click Connect; it's going to start the route DLL file; click Connect; established, and verifying password, because we've given the certificate; running custom script, and we are connected. Perfect. So if I close this one here and I go up to my network, click here, so you can see that there is a VPN connection connected to our cloud. And in here, first we'll see if we can remote and log into that public IP. So click here on this resource group; this is the VM. Now you can see that it is letting me log in with a public IP address from my home computer because I am VPN'd in. So that completes the lab. In the meantime, what we'll do is we'll also try to use this local IP, which is a private IP; copy this here and then we'll just put that in and hit Connect, and it should also let us log in with the
private IP. So before we do that, let's go to Networking first on this machine and remove the public IP, because we don't need a public IP, so for you to see that, you know, you can establish a connection locally from your local machine. And then you click on the network interface. Once you get to the network interface, I would go to IP configurations, and then I could click on ipconfig1. This is one of the exam questions as well: how do you disable the public IP address? You disassociate and you save. Once you save that, what's going to happen is the machine will not have a public IP, so you cannot access it from a public IP, but since we are on VPN we can remote in using the private IP address. So I'll just show you in a second here. This is the IP that the machine has. In the meantime, let's go back here; we go to our VM and Overview. So once I click on Overview, you know that we removed the public IP, so we don't have a public IP, and then we do have a private IP, which is 10.4, and we are VPN'd into our cloud, so we're going to use 10.4. We'll hit Connect and it should connect; it should let us log into our machine. Click OK, and it's going to let you log in; Yes. All right, so we are logged in to a machine that is on the cloud by VPNing into this machine. So this is to complete the lab; the lab is complete, to do a point-to-site VPN.

All right guys, so last thing: as you already know, we have connected our local machine onto the cloud, and we have IIS here; we can install IIS, actually, and then we can use VPN into our local machine. But you can see I am remoted in via VPN to a machine that is on the cloud, on the network. OK, that completes the lab. What we're going to do is we'll disconnect; I'll show you how to remove everything, very easy. So I just come here; I would just click here and select this and Disconnect. So we are now not connected to the network anymore; you can see I got disconnected
here. I will cancel this, I'll close this, and then we'll do one more quick thing here. Since we already have created the two resources, p2s-rg and p2s-vpn, we're just going to delete them through PowerShell. So I have a command for that; we're just going to select here. I would say p2s-vpn, that's one of the resource groups we created, I believe, and we select this and we'll play this, and this is going to go and remove everything from the resource group we have. All right guys, so you can see the resource group p2s-vpn is deleted. So if I go back here and I refresh, I should see no resource group; anything that I created, virtual gateway, network, machine, everything was deleted. So that will be it for our lab.

So just to recap: we created a resource group, virtual network, subnet, gateway, VPN gateway; we created a machine, actually, we did create an IIS machine but it was in a different resource group; point-to-site connection, we created it; exchanged some certs between the client and the cloud; installed the VPN connection, and we made a connection. We logged in from our local computer through the 172 network address pool, and we got into our VM that was on our network on a private IP after removing the public IP. That will be it for our lab. Thank you very much for watching. Feel free to subscribe, and I would love for you to share with your friends and like the video if you enjoyed it. So until next time, have yourself a great day. Bye.
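
The certificate steps walked through in the captions (root certificate, client certificate, Base-64 export of the root, password-protected PFX for the client), as an added PowerShell example that is not the script shown in the video. `P2SRootCert` is the name used in the video; `P2SChildCert`, the PFX path and the gateway and resource-group placeholders are assumptions.

```powershell
# Added example, not the video's script. Assumed names: P2SChildCert, $PfxPath,
# and the <gateway-name> / <resource-group> placeholders. Requires the Az.Network
# module and an existing Connect-AzAccount session for the final step.
$store         = 'Cert:\CurrentUser\My'
$PfxPath       = Join-Path $env:USERPROFILE 'Desktop\P2SChildCert.pfx'   # assumed path
$GatewayName   = '<gateway-name>'      # placeholder: your virtual network gateway
$ResourceGroup = '<resource-group>'    # placeholder: the gateway's resource group

# 1. Self-signed root certificate. It can only sign other certificates
#    (KeyUsage CertSign); its private key never leaves this machine.
$rootParams = @{
    Type              = 'Custom'
    KeySpec           = 'Signature'
    Subject           = 'CN=P2SRootCert'
    KeyExportPolicy   = 'Exportable'
    HashAlgorithm     = 'sha256'
    KeyLength         = 2048
    CertStoreLocation = $store
    KeyUsageProperty  = 'Sign'
    KeyUsage          = 'CertSign'
}
$root = New-SelfSignedCertificate @rootParams

# 2. Client certificate signed by the root, restricted to the
#    Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).
$clientParams = @{
    Type              = 'Custom'
    DnsName           = 'P2SChildCert'
    KeySpec           = 'Signature'
    Subject           = 'CN=P2SChildCert'
    KeyExportPolicy   = 'Exportable'
    HashAlgorithm     = 'sha256'
    KeyLength         = 2048
    CertStoreLocation = $store
    Signer            = $root
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
$client = New-SelfSignedCertificate @clientParams

# 3. Public part of the root as single-line Base-64. RawData is the DER-encoded
#    certificate only; this is the text pasted into the portal in the video.
$publicCertData = [Convert]::ToBase64String($root.RawData)

# Check before uploading: the blob must parse back to the same certificate
# and must not carry a private key.
$parsed = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($publicCertData))
if ($parsed.HasPrivateKey -or $parsed.Thumbprint -ne $root.Thumbprint) {
    throw 'Root export is not the expected public-only certificate.'
}

# 4. Client certificate plus private key as a password-protected PFX,
#    for installing on the machine that will connect.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the client PFX'
Export-PfxCertificate -Cert $client -FilePath $PfxPath `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

# 5. Register the root's public data on the gateway (same effect as the
#    portal's root certificate field).
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName 'P2SRootCert' `
    -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroup `
    -PublicCertData $publicCertData
```

Anyone holding the client PFX and its password can authenticate to the gateway, so treat that file as a credential and delete the desktop copy once it has been imported.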
Info
Channel: Hammad Siddiqui
Views: 1,369
Keywords: azure point to site vpn configuration step by step, azure point to site vpn certificate, azure point to site vpn setup, azure point to site vpn step by step, azure vpn gateway point to site configuration, azure vpn gateway point to site, azure point to site vpn tutorial, what is point to site vpn azure, Microsoft Azure Point To Site VPN, Cloud with Hammad, Cloud Security, Cloud Connectivity, Azure Cloud, Azure Virtual Network, Azure Virtual Machine, Azure VM, Azure VPN Gateway
Id: _k9Sgw1UxD8
Length: 37min 50sec (2270 seconds)
Published: Wed Mar 17 2021