Knowledgebase
Azure Pack : S2S VPN Windows Server 2012R2
Posted by Sugen S. on 30 July 2018 04:49 PM

Scenario as below

 

1: Configure Site 2 Site on Shinjiru Cloud Portal
Open Virtual Network Dashboard on Shinjiru Cloud Portal.
Go to SITE-TO-SITE VPN.
Click CREATE VPN.
 
Define VPN name
Input the ON premise IP Address.
Add PreShared Key. Use Harder Key.
 
Input Local IP segment from On Premise Infra.
 
Choose bandwidth. Usually I leave it default.
 
And press on tick to finish.
 
Now User will see Gateway IP Address: 101.99.80.38
This is the IP that will be used to configure VPN on Remote Site/ ON Premise.

 

2: Using Windows 2012R2 As ON Premise VPN Server

 

Network Prerequisite in Server
EG:

External IP

124.217.250.200

Internal IP

10.100.10.5

 
In your VPN Server (124.217.250.200 & 10.100.10.5) Open Server Manager to add Roles.
 
Click Next
 
Choose Local Server and click Next.
 
In server Roles. Click on Remote Access to add this Role in the going to be  VPN Server.
 
Just Next Here.
 
Next Again.
 
Add Features and Tick on Include Management Tools (if applicable)
 
Choose 2 Roles.
DirectAccess and VPN (RAS)
Routing
 
Just Next Here.
 
Leave Default Options and Next.
 
Now Install.
 
Wait for installation to finish.
 
Installation done. Now we will have Routing and Remote Access In "ControlPanel > Administrative Tools"
Open Routing and Remote  Access.
 
Right Click Local Server and Configure and Enable Routing and Remote Access.
 
Click Next
 
Choose Custom configuration
 
Choose
VPN access
Demand-dail connections
NAT
LAN routing
And click Next.
 
Click Finish
 
Click On Start Service.
 
Service Starting.
 
In Network Interface. Right Click it and choose New Demand-dail Interface.
 
Name the Interface to your preference. Then Click Next.
 
Choose VPN. Then Click Next.
 
Choose IKEv2. Then Click Next.
 
Add IP from Shinjiru Virtual Network. Gateway IP. Click Next
 
Sample from Portal
 
Check Route IP Packets on this interface. Click Next.
 
Click Add to add Local Segment in Shinjiru Azure Cloud for the VM.
 
Local Segment in Shinjiru Cloud is 10.0.0.0/24 with Metric 100
 
Added and now Next.
 
No need to fill. Just Click Next.
 
Click Finish.
 
New VPN interface is created.
Right Click on the VPN interface and go to Properties.
 
Go to Security Tab.
 
Click On Security Tab. Choose Use Preshared Key for authentication.
Must be same key on both sides.
Key used here is a simple sample.
Once everything is working, change key to something hard to guess with lowercase, uppercase and numbers with symbols.
 
 
Once preshared key is input, Now right click VPN interface and Click Connect.
 
Connecting
 
Connected. Can see in Connection State.
 
Ping to Shinjiru Azure Pack Cloud local segment(Server in Cloud With Local IP) and its able to ping.
Make sure OS firewall in Cloud and On premise is allowed to accept ping request to do ping test. If not ping test will fail even when both site are actually connected..
After Ping test successful can also reconfigure OS firewall to block ping again for added security.
 
Done

 

 

For VPN Client behind the ON PREMISE Site 2 Site VPN server.

 

Network Prerequisite

Local IP

10.100.10.10

Gateway

10.100.10.5

 
Now I can ping VM in Azure with Site 2 Site connection up.
 
But cannot Ping internet

 

 

Create NAT for Servers behind the VPN Server with the same public IP (IF NEEDED ONLY)

In VPN Server (10.100.10.5) We will create NAT connection.
 
Here Choose NAT and Click Ok
 
Here now we have new NAT interface.
 
Right Click NAT then Click New Interface
 
Choose External NIC(The Name he depends on your Interface Name user Set or default in Network Connection Manager)
Click OK
 
Choose Public Interface and Enable NAT.
Click OK.
 
New NAT Interface Created
 
Go back to Server Behind the VPN Server (10.100.10.10) and Ping 8.8.8.8
It will ping successfully to internet and local IP in Shinjiru Cloud Azure Pack
Internet is also now available.
 
Both Internet and Local IP at Shinjiru Cloud Azure Pack is now available in Server behind the VPN server (10.100.10.10)
 
In VPN Server (10.100.10.5) you will see packets used in NAT interface. It will show after refresh.
 
Done
(0 vote(s))
Helpful
Not helpful

Comments (0)
Copyright © 1998 - 2018 Shinjiru International Inc. All Rights Reserved.