01Sep

Creating a Point-to-Site Connectivity using Azure Resource Manager

Configure a Point-to-Site connectivity to a VNet using PowerShell (ARM Mode)

Task 1: Create a Self-Signed certificate

 

1. Log in to your Visual Studio virtual machine using your credentials. Create a folder C:\P2S Certificates.

2. Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools and run VS2012 x64 Cross Tools Command Prompt as an administrator.

3. Run cd C:\P2S Certificates.

4. Run the command:

makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My "RootCertificateName.cer"

5. Verify that your certificate is there in the folder C:\P2S Certificates.

 

 

Task 2: Copy and store the Public Key of the root certificate in a safe location

 

1. Go to Run and type certmgr.msc. Click Run.

2. In the certmgr window, expand Personal and click on Certificates. Right click the certificate RootCertificateName -> All Tasks -> Export.

3. In the Certificate Export Wizard, click Next -> No, do not export the private key -> Next.

4. Choose Base-64 encoded X.509 (.CER) format and then click Next. In the next window, enter C:\P2S Certificates\PublicKey.cer and then click Next.

5. Click Finish and then click OK.

6. Verify that the PublicKey.cer file is there in the folder C:\P2S Certificates.

 

Task 3: Copying Public Key in a new notepad file

 

1. Right click the PublicKey.cer file and open it with Notepad.

2. Remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

3. Remove the line breaks and spaces, starting from the bottom left corner. Repeat until the text in Notepad is one straight line.

4. Save the file as PublicKeyText.txt in the same folder.
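The hand editing in Task 3 is easy to get wrong (a stray space or a truncated line gives a value the gateway rejects). The following PowerShell is an added example, not part of the original post: it derives the same single-line Base64 string from the exported certificate, checks that it decodes back to the same certificate, and compares it with any hand-edited PublicKeyText.txt. The paths are the ones used in Tasks 2 and 3; the warning thresholds are assumptions of this example.

```powershell
# Added example (not from the original post). Paths follow Tasks 2 and 3.
$cerPath = 'C:\P2S Certificates\PublicKey.cer'
$txtPath = 'C:\P2S Certificates\PublicKeyText.txt'

# The constructor accepts both Base-64 (PEM) and DER encoded .cer files.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath

# RawData is the DER encoding; its Base64 form is the PEM body on one line.
$base64 = [System.Convert]::ToBase64String($cert.RawData)

# Round-trip: the string must decode back to the same certificate.
$bytes = [System.Convert]::FromBase64String($base64)
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
if ($check.Thumbprint -ne $cert.Thumbprint) {
    throw 'Base64 round-trip produced a different certificate.'
}

# Show what is about to be trusted as the P2S root.
$cert | Format-List Subject, Issuer, Thumbprint, NotAfter

# Assumed thresholds for this example: flag SHA-1 signatures and short keys.
$sigAlg  = $cert.SignatureAlgorithm.FriendlyName
$keySize = $cert.PublicKey.Key.KeySize
if ($sigAlg -match 'sha1') { Write-Warning "Signature algorithm is $sigAlg (SHA-1)." }
if ($keySize -lt 2048)     { Write-Warning "RSA key is only $keySize bits." }
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning 'Subject and issuer differ: this is not a self-signed root.'
}

# If a hand-edited file from Task 3 exists, compare it before overwriting.
if (Test-Path -Path $txtPath) {
    $manual = ([string](Get-Content -Path $txtPath -Raw)).Trim()
    if ($manual -ne $base64) {
        Write-Warning 'Existing PublicKeyText.txt does not match the certificate.'
    }
}

# Write the value without a trailing newline and keep it for the Task 4 script.
[System.IO.File]::WriteAllText($txtPath, $base64)
$MyP2SRootCertPubKeyBase64 = $base64
```

Run in the same session as the Task 4 script, the variable $MyP2SRootCertPubKeyBase64 already holds the value that script expects.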

 

 

Task 4: Creating a New Virtual Network with VPN Gateway using Azure PowerShell

 

1. Open Azure PowerShell on your PC and type Login-AzureRmAccount.

2. Enter your Azure credentials and click on Sign in.

3. Choose a subscription by running the cmdlet Get-AzureRmSubscription.

4. Select that subscription by running the cmdlet Select-AzureRmSubscription -SubscriptionName "Name of subscription". Replace "Name of subscription" with the subscription name you chose in the previous step.

5. Copy the script below into a new Notepad file:

# Names and address ranges
# Lab values: 182.168.0.0/16 and 12.254.0.0/16 are not RFC 1918 private ranges; use private address space outside a lab
$VNetName  = "MyName-VNET4"                   #Replace MyName with YourName
$FESubName = "FrontEnd"
$BESubName = "Backend"
$GWSubName = "GatewaySubnet"
$VNetPrefix1 = "182.168.0.0/16"               #Replace 168 with your Attendee number
$VNetPrefix2 = "12.254.0.0/16"                #Replace 254 with your Attendee number
$FESubPrefix = "182.168.1.0/24"               #Replace 168 with your Attendee number
$BESubPrefix = "12.254.1.0/24"                #Replace 254 with your Attendee number
$GWSubPrefix = "182.168.200.0/26"             #Replace 168 with your Attendee number
$VPNClientAddressPool = "172.16.201.0/24"
$RG = "MyName-RG"                             #Replace MyName with YourName
$Location = "Central US"
$DNS = "8.8.8.8"
$GWName = "MyNameGW4"                         #Replace 4 with your Attendee number
$GWIPName = "GWIP4"                           #Replace 4 with your Attendee number
$GWIPconfName = "gwipconf4"                   #Replace 4 with your Attendee number
$P2SRootCertName = "ARMP2SRootCert4.cer"      #Replace 4 with your Attendee number

# Subnet definitions (front end, back end, gateway)
$fesub = New-AzureRmVirtualNetworkSubnetConfig -Name $FESubName -AddressPrefix $FESubPrefix
$besub = New-AzureRmVirtualNetworkSubnetConfig -Name $BESubName -AddressPrefix $BESubPrefix
$gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix

# Create the virtual network with the three subnets
New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Location -AddressPrefix $VNetPrefix1,$VNetPrefix2 -Subnet $fesub, $besub, $gwsub -DnsServer $DNS

# Read back the virtual network and its gateway subnet
$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

# Public IP address and IP configuration for the gateway
$pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic
$ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip

# Root certificate public key (single-line Base64 text from Task 3)
$MyP2SRootCertPubKeyBase64 = "Paste your Public Key Here"
$p2srootcert = New-AzureRmVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $MyP2SRootCertPubKeyBase64

# Create the VPN gateway with the client address pool and the trusted root certificate
New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Standard -VpnClientAddressPool $VPNClientAddressPool -VpnClientRootCertificates $p2srootcert

6. Replace the values as specified in the comments.

7. Paste your public key obtained from Task 3 between the double quotes of the $MyP2SRootCertPubKeyBase64 variable.

8. Save the file as CreateVNetWithCertificate.ps1.

9. Run PowerShell ISE as an administrator and run the above script.

10. Wait for a couple of minutes for the script to take its required action. Your output should be similar to this:

 

 

 

 

Task 5: Downloading the VPN Client Configuration Package

 

1. In the same PowerShell ISE window, run the cmdlet:

Get-AzureRmVpnClientPackage -ResourceGroupName $RG -VirtualNetworkGatewayName $GWName -ProcessorArchitecture Amd64

2. Copy the URL from the output and open it in your browser.

3. Save the downloaded client configuration package in a safe location, for example C:\P2S Certificates.

 

 

Task 6: Generating and Installing the Client Certificate from the Root Certificate

 

1. Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools and run VS2012 x64 Cross Tools Command Prompt as an administrator.

2. Run cd C:\P2S Certificates.

3. Run the command:

makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1

4. Open Run using Win + R and open certmgr.msc.

5. Expand Personal -> Certificates. Right click ClientCertificateName -> All Tasks -> Export.

6. Click Next, select Yes, export the private key, and then click Next.

7. Follow the further steps as described in the image below. Type a password of your choice.

8. Select the directory C:\P2S Certificates to store the certificate with the name PrivateKey.pfx. Then click Finish.

9. Click OK.

10. Confirm that the file is exported in the directory C:\P2S Certificates.

11. Double click the file and follow the procedure to install it.

12. Enter your password in the password field and follow the rest of the procedure from the image.

13. Click Finish and then click OK.
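The makecert commands in Task 1 and Task 6 sign both certificates with SHA-1 (-a sha1). As an added example, not part of the original post, the following uses the New-SelfSignedCertificate cmdlet instead of makecert to create the same root and client pair with SHA-256 signatures. It assumes Windows 10 or Windows Server 2016 or later, where the cmdlet supports these parameters; the subject and file names are the ones used on this page.

```powershell
# Added example (not from the original post): SHA-256 root and client
# certificates created with New-SelfSignedCertificate instead of makecert.
$dir = 'C:\P2S Certificates'

# Self-signed root in the current user's Personal store, limited to signing certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=RootCertificateName' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root. The extension 2.5.29.37 (enhanced key
# usage) is restricted to Client Authentication (1.3.6.1.5.5.7.3.2).
# Validity is the cmdlet default of one year, not the 96 months used by makecert above.
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ClientCertificateName' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Signer $root `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# Export only the public part of the root (DER encoded .cer, no private key).
Export-Certificate -Cert $root -Type CERT `
    -FilePath (Join-Path $dir 'RootCertificateName.cer') | Out-Null

# Export the client certificate with its private key, protected by a password
# that is typed at the prompt and never stored in the script.
$pfxPassword = Read-Host -Prompt 'Password for PrivateKey.pfx' -AsSecureString
Export-PfxCertificate -Cert $client -Password $pfxPassword `
    -FilePath (Join-Path $dir 'PrivateKey.pfx') | Out-Null

# Confirm the signature algorithm and thumbprint of both certificates.
foreach ($c in $root, $client) {
    '{0}  {1}  {2}' -f $c.Subject, $c.SignatureAlgorithm.FriendlyName, $c.Thumbprint
}
```

Export-Certificate writes a DER encoded file, so the Base64 text for the gateway script has to be produced from its bytes rather than by editing it in Notepad.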

 

Task 7: Installing the Client VPN package and connecting to the VPN

 

1. Navigate to the directory C:\P2S Certificates and install the Client Configuration Package.

2. Click Networks in the bottom right corner.

3. You will be able to see the VPN network in the Networks pane.

4. Click Connect.

5. Click Connect again.

6. Click Continue.

7. Navigate back to the Networks pane and confirm that the network connectivity has been established.

8. To confirm that the connectivity has been established, open a command prompt and run the command ipconfig /all. Your output should be similar to this.

 

 

 

THANKS!
