by

Creating a P2S VPN connection

Creating a P2S VPN connection
by

Goal:

this time, the goal is to create a Point-to-Site VPN Link between an Azure Virtual Network and a local Client

Topology:

Azure required components:

  • Vnet
  • Subnets
  • Gateway Subnet
  • VPN Gateway
  • VM
  • Storage Account
  • Azure VPN Client profile

On-prem required components:

  •   Azure VPN Client Application

Actions:

  • create a VNET and a Virtual Network Gateway
  • open a browser and login with an account having Global Admin permissions on your AAD Directory and grant permissions to the Azure VPN Application

https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent

  • On the Virtual Application Gateway – Point2Site Configuration enter the onpremise IP Address Range and the following:

Tenant:     https://login.microsoftonline.com/<directory_id>

Audience: 41b23e61-6c1e-4545-b367-cd054e0ed4b4

Issuer:      https://sts.windows.net/<directory_id>/

  • download the newly configured VPN Client profile
  • copy the VPN Client Profile
  • Now it is time to install the Azure VPN Client App from the Windows Store

https://www.microsoft.com/en-us/p/azure-vpn-client-preview/9np355qt2sqb?rtc=2&activetab=pivot:overviewtab

  • open the VPN Client and Import the XML Profile
  • Now you can click on “Connect”
  • login with an Account belonging to your AAD tenant
  • after the connection is created, the routing shows correct configuration between the Onpremise Client and the Azure IP Address Range of the VNET connected via the Gateway

And also the new routes should show up in your local table.

  • the same the other way around from the effective routes on the Azure VM

Mission Completed 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *