Azure Pack : S2S VPN Windows Server 2012R2
Posted by Sugen S. on 30 July 2018 04:49 PM
Scenario as below
1: Configure Site 2 Site on Shinjiru Cloud Portal
Open Virtual Network Dashboard on Shinjiru Cloud Portal.
Go to SITE-TO-SITE VPN.
Click CREATE VPN.
Define VPN name
Input the ON premise IP Address.
Add PreShared Key. Use Harder Key.
Input Local IP segment from On Premise Infra.
Choose bandwidth. Usually I leave it default.
And press on tick to finish.
Now User will see Gateway IP Address: 220.127.116.11
This is the IP that will be used to configure VPN on Remote Site/ ON Premise.
2: Using Windows 2012R2 As ON Premise VPN Server
Network Prerequisite in Server
In your VPN Server (18.104.22.168 & 10.100.10.5) Open Server Manager to add Roles.
Choose Local Server and click Next.
In server Roles. Click on Remote Access to add this Role in the going to be VPN Server.
Just Next Here.
Add Features and Tick on Include Management Tools (if applicable)
Choose 2 Roles.
DirectAccess and VPN (RAS)
Just Next Here.
Leave Default Options and Next.
Wait for installation to finish.
Installation done. Now we will have Routing and Remote Access In "ControlPanel > Administrative Tools"
Open Routing and Remote Access.
Right Click Local Server and Configure and Enable Routing and Remote Access.
Choose Custom configuration
And click Next.
Click On Start Service.
In Network Interface. Right Click it and choose New Demand-dail Interface.
Name the Interface to your preference. Then Click Next.
Choose VPN. Then Click Next.
Choose IKEv2. Then Click Next.
Add IP from Shinjiru Virtual Network. Gateway IP. Click Next
Sample from Portal
Check Route IP Packets on this interface. Click Next.
Click Add to add Local Segment in Shinjiru Azure Cloud for the VM.
Local Segment in Shinjiru Cloud is 10.0.0.0/24 with Metric 100
Added and now Next.
No need to fill. Just Click Next.
New VPN interface is created.
Right Click on the VPN interface and go to Properties.
Go to Security Tab.
Click On Security Tab. Choose Use Preshared Key for authentication.
Must be same key on both sides.
Key used here is a simple sample.
Once everything is working, change key to something hard to guess with lowercase, uppercase and numbers with symbols.
Once preshared key is input, Now right click VPN interface and Click Connect.
Connected. Can see in Connection State.
Ping to Shinjiru Azure Pack Cloud local segment(Server in Cloud With Local IP) and its able to ping.
Make sure OS firewall in Cloud and On premise is allowed to accept ping request to do ping test. If not ping test will fail even when both site are actually connected..
After Ping test successful can also reconfigure OS firewall to block ping again for added security.
For VPN Client behind the ON PREMISE Site 2 Site VPN server.
Now I can ping VM in Azure with Site 2 Site connection up.
But cannot Ping internet
Create NAT for Servers behind the VPN Server with the same public IP (IF NEEDED ONLY)
In VPN Server (10.100.10.5) We will create NAT connection.
Here Choose NAT and Click Ok
Here now we have new NAT interface.
Right Click NAT then Click New Interface
Choose External NIC(The Name he depends on your Interface Name user Set or default in Network Connection Manager)
Choose Public Interface and Enable NAT.
New NAT Interface Created
Go back to Server Behind the VPN Server (10.100.10.10) and Ping 22.214.171.124
It will ping successfully to internet and local IP in Shinjiru Cloud Azure Pack
Internet is also now available.
Both Internet and Local IP at Shinjiru Cloud Azure Pack is now available in Server behind the VPN server (10.100.10.10)
In VPN Server (10.100.10.5) you will see packets used in NAT interface. It will show after refresh.