Wednesday 5 September 2018

Microsoft Azure - Point-to-Site Connectivity

Microsoft Azure - Point-to-Site Connectivity




In the last chapter, we saw how an endpoint can be created to access a virtual machine; this is quite a tedious task. If a virtual machine in virtual network needs to be connected with on-premise machine, the point-to-site connectivity is needed. Point-to-site connectivity makes it very productive to work with remote virtual machines.
Basically, a machine on-premise is connected to virtual network using point-to-site connectivity. However, we can connect up to 128 on-premise machines to virtual network in Azure. The access to the virtual network in cloud is granted through a certificate. The certificate has to be installed on each local machine that needs to be connected to the virtual network.

Enabling Point-to-Site Connectivity on Existing Virtual Network

If you have already created a virtual network in Azure, you can access it in management portal.
Step 1 − Log in to Azure management portal.
Step 2 − Click on ‘Networks’ in the left panel and select the network you want to work with.
Step 3 − Click on ‘Configure’ as shown in the following image.
Point-to-Site Connectivity
Step 4 − Check the ‘Configure Point-to-site connectivity’ checkbox. It will allow you to enter the starting IP and CIDR.
Step 5 − Scroll down and click ‘add gateway subnet’.
Point-to-Site Connectivity
Step 6 − Enter the Gateway subnet and click ‘Save’. Message shown in the following screen will pop up.
Step 7 − Click Yes and a point-to-site connectivity is done.
Point-to-Site Connectivity
You will need a certificate to access your virtual network.

Create a New Virtual Network with Point-to-site Connectivity

Step 1 − Click New → Network Services → Virtual Network → Custom Create.
Create New Connectivity
Step 2 − Enter Network’s name, select location and click on Next.
Virtual Network Details
Step 3 − On the next screen, Select ‘Configure a point-to-site VPN’ and click next.
Point-to-Site Connectivity VPN
Step 4 − You can select or enter starting IP and select CIDR.
Create New Connectivity
Step 5 − Enter Subnet and click ‘Add Gateway Subnet’ as done earlier and enter the required information.
Create New Connectivity
Step 6 − Point-to-Site connectivity is done.
Point-to-Site Connectivity Success
Step 7 − Click on the name of the network, as it is ‘MyNet’ in the above image.
Step 8 − Click on ‘Dashboard’ as shown in the following screen.
Dashboard
You will see that the gateway is not created yet. For it to happen, you will have to generate a certificate first.

Generate Certificates

The point-to-site VPN supports only self-signed certificate.

Create a Certificate

Step 1 − Go to the link msdn.microsoft.com or google ‘windows SDK for 8.1’. Then go to msdn link or the version of Windows for which you want the tool.
Step 2 − Download the encircled file as shown in the following image. It will be saved as .exe file named sdksetup on your machine.
Create a Certificate
Step 3 − Run the file. While running the installation wizard, when you reach the following screen uncheck the encircled part. By default they are checked.
SDK Features
Step 4 − After installation is complete, run Command Prompt as Administrator on your computer.
Step 5 − Enter the following commands one by one for creating root certificate
cd C:\Program Files (x86)\Windows Kits\8.1\bin\x64 

makecert -sky exchange -r -n "CN=MyNet" -pe -a sha1 -len 2048 -ss My
First command will change the directory in command prompt. In the above command change the highlighted part to the name of your network.
Command Prompt
Step 6 − Next enter the following command for creating client certificate.
makecert -n "CN=MyNetClient" -pe -sky exchange -m 96 -ss My -in "MyNet" -is my -a sha1 
Step 7 − Look for ‘mmc’ on your computer and run it.
MMC
Step 8 − Click ‘File’ and ‘Add/Remove Snap-in’.
Step 9 − In the screen that pops up, click ‘Certificate’ and then on ‘add’.
Step 10 − Select ‘My User Account’ and click on ‘Finish’.
Create a Certificate
Step 11 − Expand ‘Current User’ in the left panel, then ‘Personal’ and then ‘Certificates’.
Create a Certificate
You can see the certificates here.
Step 12 − Right click on certificate and click ‘All Tasks’ and then ‘Export’.
Export
Step 13 − Follow the wizard. You will have to name the certificate and select a location to save it.

Upload the Certificate

Step 1 − Login to Azure management portal.
Step 2 − Go to the network and click ‘Certificate’ and then click ‘Upload Root Certificate’.
Step 3 − Click browse and select the location of the certificate you just created.

Download the Client VPN Package

Client VPN Package will connect you to the network.
Step 1 − Go to network’s dashboard in azure management portal.
Step 2 − Scroll down and locate the following options at the right side of the screen.
Client VPN Package
Step 3 − Select the suitable option and download it. You will see a similar file on your computer. Run and install it.
Client VPN Package
Step 4 − When you’ll install it, Windows might try to prevent it. Choose ‘Run Anyway’ if this happens.
Step 5 − Go to ‘Networks’ on your machine and you will see a VPN connection available as shown in the following image.
VPN Connections
Step 6 − Click on that network as in this example ‘MyNet’ and connect. You will be connected to the network.

No comments:

Post a Comment