Creating a Point-to-Site Connectivity using Azure Resource Manager

01Sep

Creating a Point-to-Site Connectivity using Azure Resource Manager

Karanmeet Singh | Microsoft Azure | Microsoft Azure | 0 Comments | Return

Configure a Point-to-Site connectivity to a VNet using PowerShell (ARM Mode)

Task 1: Create a Self-Signed certificate

1.	Login to your Visual Studio Virtual Machine using your credentials. Create a folder C:\P2S Certificates.
2.	Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools and Run VS2012 x64 Cross Tools Command Prompt as an administrator.
3.	Run cd C:\P2S Certificates.
4.	Run the command: makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My "RootCertificateName.cer"
5.	Verify that your certificate is there in the folder C:\P2S Certificates

Task 2: Copy and store the Public Key of the root certificate in a safe location

1.	Go to Run and type certmgr.msc. Click Run
2.	In the certmgr window, expand Personal and click on Certificates. Right click the certificate RootCertificateName àAll Tasks à Export
3.	In the Certificate Export Wizard, click Next -> No, do not export the private key -> Next
4.	Choose Base-64 encoded X.509 (.CER) format and then click Next. In the next window, enter C:\P2S Certificates\PublicKey.cer and then click Next.
5.	Click Finish and then click OK
6.	Verify that the PublicKey.cert file is there in the folder C:\P2S Certificates

Task 3: Copying Public Key in a new notepad file

1.	Right click the PublicKey.cert file and open with notepad.
2.	Remove ------BEGIN CERTIFICATE and -----END CERTIFICATE-----
3.	Start removing the spaces from the bottom left corner. Repeat until you get a straight line of the Text in the notepad.
4.	Save the file as PublicKeyText.txt in the same folder.

Task 4: Creating a New Virtual Network with VPN Gateway using Azure PowerShell

1.	Open Azure PowerShell on your PCs and type Login-AzureRmAccount
2.	Enter your azure credentials and click on Sign in
3.	Choose a subscription by running the cmdlet Get-AzureRmSubscription
4.	Select that subscription by running the cmdlet Select-AzureRmSubscription -SubscriptionName "Name of subscription". Replace the “Name of Subscription” with the subscription name you chose in previous step.
5.	Copy the below script in a new notepad file $VNetName = "MyName-VNET4" #Replace MyName with YourName $FESubName = "FrontEnd" $BESubName = "Backend" $GWSubName = "GatewaySubnet" $VNetPrefix1 = "182.168.0.0/16" #Replace 168 with your Attendee number $VNetPrefix2 = "12.254.0.0/16" #Replace 254 with your Attendee number $FESubPrefix = "182.168.1.0/24" #Replace 168 with your Attendee number $BESubPrefix = "12.254.1.0/24" #Replace 168 with your Attendee number $GWSubPrefix = "182.168.200.0/26" #Replace 168 with your Attendee number $VPNClientAddressPool = "172.16.201.0/24" $RG = "MyName-RG" #Replace MyName with YourName $Location = "Central US" $DNS = "8.8.8.8" $GWName = "MyNameGW4" #Replace 4 with your Attendee number $GWIPName = "GWIP4" #Replace 4 with your Attendee number $GWIPconfName = "gwipconf4" #Replace 4 with your Attendee number $P2SRootCertName = "ARMP2SRootCert4.cer" #Replace 4 with your Attendee number $fesub = New-AzureRmVirtualNetworkSubnetConfig -Name $FESubName -AddressPrefix $FESubPrefix $besub = New-AzureRmVirtualNetworkSubnetConfig -Name $BESubName -AddressPrefix $BESubPrefix $gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Location -AddressPrefix $VNetPrefix1,$VNetPrefix2 -Subnet $fesub, $besub, $gwsub -DnsServer $DNS $vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG $subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet $pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic $ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip $MyP2SRootCertPubKeyBase64 = "Paste your Public Key Here" $p2srootcert = New-AzureRmVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $MyP2SRootCertPubKeyBase64 New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Standard -VpnClientAddressPool $VPNClientAddressPool -VpnClientRootCertificates $p2srootcert
6.	Replace the Values as specified in the comments
7.	Paste your Public Key Obtained from Task 3 in the double quotes of $MyP2SRootCertPubKeyBase64 variable.
8.	Save the file as CreateVNetWithCertificate.ps1
9.	Run PowerShell ISE as an administrator and run the above Script.
10.	Wait for a couple of minutes for the script to take its required action. Your output should be similar to this:

Task 5: Downloading the VPN Client Configuration Package

1.

In the same PowerShell_Ise window, run the cmdlet:

Get-AzureRmVpnClientPackage -ResourceGroupName $RG -VirtualNetworkGatewayName $GWName -ProcessorArchitecture Amd64

2.

Copy the URL from the output and run it in your browser.

3.

Save the client certificate in a safe location lets say C:\P2S Certificates.

Task 6: Generating and Installing the Client Certificate from the Root Certificate

1.	Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools and Run VS2012 x64 Cross Tools Command Prompt as an administrator.
2.	Run cd C:\P2S Certificates.
3.	Run the command: makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1
4.	Open Run using Win + R and Open certmgr.msc
5.	Expand Personal -> Certificate. Right click ClientCertificateName -> All Tasks -> Export.
6.	Click Next and then Select Yes, export the private key and then click Next
7.	Follow the further steps as described in the image below. Type Passwords as Desired.
8.	Select the directory to C:\P2S Certificates to store the certificate with name PrivateKey.pfx. Click Finish then. 16.
9.	Click OK.
10.	Confirm that the file is exported in the directory C:\P2S Certificates
11.	Double click the file and follow the procedures to Install.
12.	Enter your password for the password field and follow the rest of the procedures from the image.
13.	Click Finish and then click OK.

Task 7: Installing the Client VPN package and connecting to the VPN

1.	Navigate to the directory C:\P2S Certificates and install the Client Configuration Package.
2.	Click networks from the Bottom Right corner.
3.	You Will be able to see the VPN Network in the Networks Pane.
4.	Click Connect
5.	Click Connect Again
6.	Click Continue.
7.	Navigate back to the networks pane and confirm that the network connectivity has been established.
8.	To confirm that the connectivity has been established, open command prompt and run the command ipconfig /all. Your output should be similar to this.

THANKS!

Azure App Service Scaling Features And Capabilities

How to scale the application in Azure App Service. There are two workflows for scaling, scale up and...

Azure App Service (Build And Host Web Apps, Mobile-Back Ends Without Managing Infrastructure)

In this blog we will see what is Azure App Service, and it’s features and why do we use it, we can...

Azure Blob Storage: The PowerShell Way!

Hi folks!Great to see you again.This blog post is purely based on Azure Blob Storage: The PowerShell...

Create a Windows Server 2012 R2 VM using ARM in Azure PowerShell

Hi Folks,In this Blog Post we will learn how to create an Azure ARM Virtual Machine using Azure Powe...

Continuous Integration/ Continuous Deployment VSTS

Following the below steps you can build and deploy your ASP.NET app to Azure from either Visua...

How to Sync On-premise AD with Windows Azure AD using Azure AD Connect tool

Azure AD is a service that provides identity and access management capabilities in the cloud. ...

How to Create an Azure Virtual Network by using a Deployment Template

Hello Folks!In this Blog post, we will try to learn how to create an Azure V-Net using an ARM templa...

Locking VMs and Resources Groups with Azure Resource Manager using Azure PowerShell

Hello Folks!In this blog post we will be talking about locking down your Azure Resources with Azure ...

Microsoft Azure: Implementing Internet Facing Load Balancers using Azure Resource Manager

Howdy Folks!I was exploring Network Load Balancer in Azure Resource Manager and found out that you c...

Microsoft Azure Stack : Power of Azure in our datacentre

Why Azure Stack?Microsoft Azure Stack is a new hybrid cloud platform product that enables our organi...

Share

Try DevOpSmartBoard Ultimate complete Azure DevOps End-to end reporting tool

Sign Up

Recent
Popular
Tag

GitHub Capabilities in Mobile - Android & iOS

Ramesh Kumar 12/5/2022 11:20:00 AM

Utilize your mobile device to manage, collaborate, and triage your GitHub projects. A mobile app for iOS and Android both are available.
Using Git LFS to Manage Large File Storage

Ramesh Kumar 11/16/2022 11:47:00 AM

Git LFS (Huge File Storage) is an open-source Git extension that was created by Atlassian, GitHub, and few other open-source contributors. It minimizes the impact of large files in your repository by ...
Security Feature & Permission Access Capabilities in GHAS (GitHub Advanced Security)

Ramesh Kumar 11/16/2022 10:15:00 AM

Customers who purchase an Advanced Security license from GitHub get access to additional security capabilities. The GHAS feature comparison and the permission access requirements for security features...
DevOpSmartBoard - Org Level Reports -Part 2

Shilpa S 10/7/2022 10:47:00 AM

This report basically gives DevOps Organization user data, a list of users, and access to the organization's projects and teams that they are involved in, where we can also filter this display based o...

How to Host your Webpages on Google Drive

Ranganath Vishwanath 5/6/2014 9:47:00 AM

hosting, google drive

If you want to host your webpages quickly but don't have any web sever to host, then google drive is a greate alternative. You can use Google Drive to host your basic websites or even complex java...
How to Install TestNG framework (Step by Step installation process)

Sowmya V 9/26/2014 12:58:00 PM

TestNG framework

Steps to Install Eclipse using install new Software:Step 1: In Eclipse, on top menu bar, Under Help Menu, Click on "Install new Software" in help window. Step 2: Enter the URL (http://b...
Token Based Authentication for Web API's

Deviprasad Kotian 8/8/2017 10:55:00 AM

MVC, Web API, ASP.NET, Authentication

Securing ASP.NET Web API using Custom Token Based AuthenticationProviding a security to the Web API’s is important so that we can restrict the users to access to it. We can provide the security ...
Handling Radio buttons and Checkboxes using Selenium Webdriver

Giridhar B S 4/25/2016 11:08:00 AM

Automation, Selenium, Software Testing

The main difference between Radio button and Checkbox is that, using radio button we will be able to select only one option from the options available. whereas using checkbox, we can select multiple o...

Contact Us