Azure Pack: S2S VPN Windows Server 2012R2
Posted on 30 July 2018 04:49 PM

Scenario as below


1: Configure Site 2 Site on Shinjiru Cloud Portal
Open the Virtual Network Dashboard on the Shinjiru Cloud Portal.
Define the VPN name.
Input the on-premises IP address.
Add the pre-shared key. Use a hard-to-guess key.
Input the local IP segment from the on-premises infrastructure.
Choose the bandwidth. Usually I leave it at the default.
Press the tick to finish.
The user will now see the Gateway IP Address:
This is the IP that will be used to configure the VPN on the remote site / on-premises.


2: Using Windows 2012R2 as On-Premises VPN Server


Network Prerequisite in Server

External IP

Internal IP

In your VPN Server, open Server Manager to add roles.
Click Next.
Choose Local Server and click Next.
In Server Roles, click on Remote Access to add this role to the server that will become the VPN server.
Just click Next here.
Click Next again.
Click Add Features and tick Include management tools (if applicable).
Choose 2 Roles.
DirectAccess and VPN (RAS)
Just click Next here.
Leave the default options and click Next.
Now click Install.
Wait for the installation to finish.
Installation done. Routing and Remote Access is now available in "Control Panel > Administrative Tools".
Open Routing and Remote Access.
Right-click the local server and choose Configure and Enable Routing and Remote Access.
Click Next.
Choose Custom configuration and tick:
VPN access
Demand-dial connections
LAN routing
And click Next.
Click Finish.
Click on Start Service.
The service starts.
In Network Interfaces, right-click and choose New Demand-dial Interface.
Name the interface to your preference. Then click Next.
Choose VPN. Then click Next.
Choose IKEv2. Then click Next.
Enter the Gateway IP from the Shinjiru Virtual Network. Click Next.
Sample from Portal
Check Route IP Packets on this interface. Click Next.
Click Add to add the local segment in Shinjiru Azure Cloud for the VM.
The local segment in Shinjiru Cloud is added with Metric 100.
Once it is added, click Next.
No need to fill anything in here. Just click Next.
Click Finish.
New VPN interface is created.
Right-click the VPN interface and go to Properties.
Go to the Security tab and choose Use preshared key for authentication.
The key must be the same on both sides.
The key used here is a simple sample.
Once everything is working, change the key to something hard to guess, with lowercase, uppercase, numbers and symbols.
Once the preshared key is entered, right-click the VPN interface and click Connect.
Connected. This can be seen in Connection State.
Ping the Shinjiru Azure Pack Cloud local segment (a server in the cloud with a local IP) and it is able to ping.
Make sure the OS firewall in the cloud and on-premises is set to accept ping requests for the ping test. If not, the ping test will fail even when both sites are actually connected.
After the ping test is successful, the OS firewall can be reconfigured to block ping again for added security.
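
The same on-premises setup can be scripted. The PowerShell below is an added example, not part of the original article: it generates a random pre-shared key instead of a hand-typed one and creates the IKEv2 demand-dial interface with the RemoteAccess cmdlets. The gateway IP, cloud subnet and interface name are placeholders, Install-RemoteAccess -VpnType VpnS2S is assumed to be an acceptable counterpart to the Custom configuration wizard choices, and the portal is assumed to accept base64 characters in the key.

```powershell
# Added example (not from the original article). Run in an elevated session
# on the Windows Server 2012 R2 machine that will be the on-premises VPN server.

# Placeholders: replace with the values shown in your own portal.
$GatewayIp   = '203.0.113.10'   # placeholder for the portal's Gateway IP Address
$CloudSubnet = '10.0.0.0/24'    # placeholder for the local segment of the cloud VMs
$Metric      = 100              # metric used in the article
$IfName      = 'CloudS2S'       # hypothetical interface name

function New-PreSharedKey {
    param([int]$ByteCount = 32)
    # Random bytes from the OS CSPRNG, base64-encoded so the key contains
    # uppercase, lowercase, digits and symbols (+ / =).
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes)
}

# Role services: DirectAccess and VPN (RAS), plus Routing, which the
# LAN routing and NAT steps rely on.
Install-WindowsFeature -Name DirectAccess-VPN, Routing -IncludeManagementTools

# Enable Routing and Remote Access for site-to-site VPN.
Install-RemoteAccess -VpnType VpnS2S

# Create the demand-dial interface: IKEv2, pre-shared key authentication,
# and a static route to the cloud segment written as "subnet:metric".
$psk = New-PreSharedKey
Add-VpnS2SInterface -Name $IfName `
    -Destination $GatewayIp `
    -Protocol IKEv2 `
    -AuthenticationMethod PSKOnly `
    -SharedSecret $psk `
    -IPv4Subnet "${CloudSubnet}:$Metric"

# The same key has to be entered in the portal's VPN definition.
# It is shown once here; keep it in a password manager, not in a script or ticket.
Write-Host "Pre-shared key to enter in the portal: $psk"

# Bring the tunnel up and show its state.
Connect-VpnS2SInterface -Name $IfName
Get-VpnS2SInterface -Name $IfName | Format-List *
```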



For VPN Client behind the ON PREMISE Site 2 Site VPN server.


Network Prerequisite

Local IP


Now I can ping the VM in Azure with the Site 2 Site connection up.
But I cannot ping the internet.



Create NAT for Servers behind the VPN Server with the same public IP (IF NEEDED ONLY)

In the VPN Server, we will create a NAT connection.
Here choose NAT and click OK.
Now we have a new NAT entry.
Right-click NAT, then click New Interface.
Choose the external NIC (the name depends on the interface name set by the user, or the default in Network Connection Manager).
Click OK.
Choose Public interface and enable NAT.
Click OK.
The new NAT interface is created.
Go back to the server behind the VPN Server and ping.
It will ping successfully to the internet and to the local IP in Shinjiru Cloud Azure Pack.
Internet is also now available.
Both the internet and the local IP at Shinjiru Cloud Azure Pack are now available on the server behind the VPN server.
In the VPN Server you will see the packets used in the NAT interface. They will show after a refresh.