Creating Azure Site to Site (S2S) VPNs – Step by Step

Volume 1

Dave Kawula - MVP

Cary Sun – Cisco Champion (CCIE)

PUBLISHED BY

MVPDays Publishing
http://www.mvpdays.com

Copyright © 2018 by MVPDays Publishing

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any
means without the prior written permission of the publisher.

ISBN: TBA

Warning and Disclaimer


Every effort has been made to make this manual as complete and as accurate as possible, but no
warranty or fitness is implied. The information provided is on an “as is” basis. The authors and
the publisher shall have neither liability nor responsibility to any person or entity with respect to
any loss or damages arising from the information contained in this book.

Feedback Information
We’d like to hear from you! If you have any comments about how we could improve the quality
of this book, please don’t hesitate to contact us by visiting www.checkyourlogs.net or sending an
email to feedback@mvpdays.com.
Acknowledgements

From Dave
Cristal, you are my rock and my source of inspiration. For the past 20+ years you have been
there with me every step of the way. Not only are you the “BEST Wife” in the world, you are my
partner in crime. Christian, Trinity, Keira, Serena, Mickaila and Mackenzie, you kids are so patient
with your dear old dad when he locks himself away in the office for yet another book. Taking the
time to watch you grow in life, sports, and become little leaders of this new world is incredible to
watch.

Thank you, Mom and Dad (Frank and Audry) and my brother Joe. You got me started in this crazy
IT world when I was so young. Brother, you mentored me along the way, both coaching me in
hockey and helping me learn what you knew about PCs and servers. I’ll never forget us as
teenage kids working the IT Support contract for the local municipal government. Remember,
Dad had to drive us to site because we weren’t old enough to drive ourselves yet. A great
career starts with the support of your family, and I’m so lucky because I have all the support one
could ever want.

A book like this, filled with amazing Canadian MVPs, would not be possible without the support
from the #1 Microsoft Community Program Manager – Simran Chaudry. You have guided us
along the path and helped us to get better at what we do every day. Your job is tireless, and
your passion and commitment make us want to do what we do even more.

Last but not least, the MVPDays volunteers: you have donated your time and expertise and
helped us run the event in over 20 cities across North America. Our latest journey has us
expanding the conference worldwide as a virtual conference. For those of you that will read this
book, your potential is limitless; just expand your horizons and you never know where life will take
you.

About the Authors



Dave Kawula - MVP
Dave is a Microsoft Most Valuable Professional (MVP) with over 20 years of experience in the IT
industry. His background includes data communications networks within multi-server
environments, and he has led architecture teams for virtualization, System Center, Exchange,
Active Directory, and Internet gateways. Very active within the Microsoft technical and
consulting teams, Dave has provided deep-dive technical knowledge and subject matter
expertise on various System Center and operating system topics.

Dave is well-known in the community as an evangelist for Microsoft, 1E, and Veeam
technologies. Locating Dave is easy as he speaks at several conferences and sessions each year,
including TechEd, Ignite, MVP Days Community Roadshow, and VeeamOn.

Recently Dave has been honored to take on the role of Conference Co-Chair of TechMentor with
fellow MVP Sami Laiho. The lineup of speakers and attendees that have been to this conference
over the past 20 years is really amazing. Come down to Redmond or Orlando in 2018 and you
can meet him in person.

As the founder and Managing Principal Consultant at TriCon Elite Consulting, Dave is a leading
technology expert for both local customers and large international enterprises, providing optimal
guidance and methodologies to achieve and maintain an efficient infrastructure.

BLOG: www.checkyourlogs.net

Twitter: @DaveKawula

Cary Sun – CCIE #4531

Cary Sun is a Cisco Certified Internetwork Expert (CCIE No. 4531) and MCSE, MCITP, Citrix
CCA with over twenty years in the planning, design, and implementation of network technologies,
management and system integration. His background includes hands-on experience with
multi-platform, all LAN/WAN topologies, network administration, e-mail and Internet systems,
security products, and PC and server environments. He has expertise analyzing users’ needs and
coordinating system designs from concept through implementation; exceptional analysis,
organization, communication, and interpersonal skills; and a demonstrated ability to work
independently or as an integral part of a team to achieve objectives and goals.
Specialties: CCIE / CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA

Cary is a very active blogger at checkyourlogs.net and is always available online for questions
from the community. His passion about technology is contagious and he makes everyone around
him better at what they do.

Blog: www.checkyourlogs.net

Twitter: @SifuSun


Technical Editors
Cristal Kawula – MVP
Cristal Kawula is the co-founder of the MVPDays Community Roadshow and the #MVPHour live Twitter
Chat. She was also a member of the Gridstore Technical Advisory board and is the President of
TriCon Elite Consulting. Cristal is also only the second woman in the world to receive the prestigious
Veeam Vanguard award.

Cristal can be found speaking at Microsoft Ignite, MVPDays, and other local user groups. She is
extremely active in the community and has recently helped publish a book for other women
MVPs called Voices from the Data Platform.

BLOG: http://www.checkyourlogs.net

Twitter: @supercristal1


Emile Cabot - MVP


Emile started in the industry during the mid-90s working at an ISP and designing celebrity web
sites. He has a strong operational background specializing in Systems Management and
collaboration solutions, and has spent many years performing infrastructure analyses and
solution implementations for organizations ranging from 20 to over 200,000 employees.
Coupling his wealth of experience with a small partner network, Emile works very closely with
TriCon Elite, 1E, and Veeam to deliver low-cost solutions with minimal infrastructure
requirements.

He actively volunteers as a member of the Canadian Ski Patrol, providing over 250 hours each
year for first aid services and public education at Castle Mountain Resort and in the community.

BLOG: http://www.checkyourlogs.net

Twitter: @ecabot

Contents

Acknowledgements
  From Dave
About the Authors
  Dave Kawula - MVP
  Cary Sun – CCIE #4531
Technical Editors
  Cristal Kawula – MVP
  Emile Cabot - MVP
Introduction
  North American MVPDays Community Roadshow
  Sample Files
  Additional Resources
Chapter 1: Sophos UTM Firewall to Azure
  Configuring Settings in Azure
  Settings in Sophos UTM
Chapter 2: Cisco Meraki to Azure
  Configuring Settings in Azure
  Configuring Settings in Cisco Meraki
  Verify the VPN Connection
Chapter 3: Palo Alto to Azure
  Configuring Settings in Azure
  Settings in Palo Alto
Chapter 4: Configuring a S2S VPN with Microsoft RRAS to Azure
  Configuring the RRAS Server’s NICs
  Configure the Roles on the RRAS Server
  Configuring the Azure VPN
  Configure Routing and Remote Access
Contact Us
  Join us at MVPDays and meet great MVPs like this in person
  Live Presentations
  Video Training
  Live Instructor-led Classes
  Consulting Services
  Twitter

Introduction

North American MVPDays Community Roadshow

The purpose of this book is to showcase the amazing expertise of our guest speakers at the
North American MVPDays Community Roadshow. They have so much passion, expertise, and
expert knowledge that it only seemed fitting to write it down in a book.

MVPDays was founded by Cristal and Dave Kawula back in 2013. It started as a simple idea:
“There’s got to be a good way for Microsoft MVPs to reach the IT community and share their
vast knowledge and experience in a fun and engaging way.” I mean, what is the point in
recognizing these bright and inspiring individuals and not leveraging them to inspire the
community that they are a part of?

We often get asked the question “Who should attend MVPDays?”

Anyone that has an interest in technology, is eager to learn, and wants to meet other
like-minded individuals. This Roadshow is not just for Microsoft MVPs; it is for anyone in the IT
Community.

Make sure you check out the MVPDays website at www.mvpdays.com. You never know, maybe
the roadshow will be coming to a city near you.

The goal of this particular book is to show you how to create your Azure Site-to-Site VPNs across a
variety of different hardware platforms.


Sample Files
All sample files for this book can be downloaded from www.checkyourlogs.net and
www.github.com/dkawula

Additional Resources
In addition to all tips and tricks provided in this book, you can find extra resources like articles
and video recordings on our blog http://www.checkyourlogs.net.


Chapter 1

Sophos UTM Firewall to Azure


Configuring Settings in Azure

1. Log on to the Azure portal and click +New.
2. In the Search the marketplace field, type Virtual Network and then press Enter.
3. Click Virtual Network, select Resource Manager from the Select a deployment model list and then click Create.
4. On the Create virtual network page, enter the name for your virtual network in the Name field.
5. In the Address space field, enter the address space. Make sure that the address space you specify does not overlap with the address space of your on-premises location.
6. In the Subnet name field, enter the subnet name.
7. In the Subnet address range field, enter the subnet address range, but don’t use all of the address space for this, because you need to reserve space for the gateway subnet.
8. In the Subscription field, verify that the subscription listed is the correct one. In the Resource group field, create a new one by typing a name for your new resource group.
9. In the Location field, select the location for your virtual network and then select Pin to dashboard.
10. After the virtual network is created, select Subnets and click +Gateway subnet.
11. In the Address range field, enter your gateway subnet and then click OK.
12. On the left side of the portal page, click +.
13. In the search field, type Virtual Network Gateway and then press Enter.
14. Click Virtual Network Gateway in Results and then click Create.
15. On the Create virtual network gateway page, type the virtual gateway name in the Name field.
16. Select VPN as the Gateway type.
17. Select Policy-based as the VPN type.
18. Select Computer Account and then click Next.
19. Select Local Computer and then click Finish.
20. Select Basic as the SKU.
21. Click Choose a virtual network in the Virtual network field and select the newly created virtual network.
22. Click Choose a public IP address in the Public IP address field, then click Create new.
23. Type the gateway IP address name in the Name field and then click OK.
24. Select Pin to dashboard and then click Create.
25. Select All resources in the Azure portal and click +Add.
26. Type local network gateway in the search box and then press Enter.
27. Select Local network gateway and click Create.
28. On the Create local network gateway page, type your on-premises site name in the Name field.
29. In the IP address field, type the public IP address of the VPN device at the on-premises site.
30. In the Address space field, type the on-premises IP address range.
31. In the Resource Group field, select Use existing and select the existing resource group name.
32. Select Pin to dashboard and then click Create.
33. On the dashboard of the Azure portal, select the Virtual Network Gateway that we created.
34. Select Connections and then click +Add.

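The same Azure-side build as the portal steps above, written as an added Az PowerShell example for this book page (not the authors’ own script): it creates the virtual network with its GatewaySubnet, a policy-based Basic-SKU VPN gateway, the local network gateway for the on-premises device and the IPsec connection, then polls the connection status as the Verify section does. It first refuses to build if the VNet range overlaps an on-premises range, the mistake step 5 warns about. All names, address ranges and the on-premises public IP are constructed placeholders; for the route-based gateway used in Chapter 4, change -VpnType to RouteBased.

```powershell
# Added example: Azure side of a site-to-site VPN with the Az PowerShell module.
# All names, prefixes and the on-premises public IP below are constructed placeholders.
#Requires -Modules Az.Accounts, Az.Network, Az.Resources

$ResourceGroup  = 'S2S-Example-RG'
$Location       = 'East US'
$VnetName       = 'S2S-Example-Vnet'
$VnetPrefix     = '10.50.0.0/16'     # must not overlap any on-premises range
$ServerSubnet   = '10.50.0.0/24'     # Azure VMs live here
$GatewaySubnet  = '10.50.255.0/27'   # reserved for the gateway; the name MUST be GatewaySubnet
$OnPremPublicIp = '203.0.113.10'     # placeholder (TEST-NET-3): the on-premises VPN device
$OnPremPrefixes = @('192.168.10.0/24', '192.168.20.0/24')

# Pre-flight: the portal accepts overlapping ranges, but the tunnel then cannot route,
# so check the VNet range against every on-premises prefix before creating anything.
function ConvertTo-NetAndMask {
    param([string]$Cidr)
    $ip, $bits = $Cidr.Split('/')
    $addr = [long]0
    foreach ($b in [System.Net.IPAddress]::Parse($ip).GetAddressBytes()) { $addr = $addr * 256 + $b }
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    [pscustomobject]@{ Net = ($addr -band $mask); Mask = $mask }
}
function Test-PrefixOverlap {
    param([string]$A, [string]$B)
    $x = ConvertTo-NetAndMask $A; $y = ConvertTo-NetAndMask $B
    $common = [math]::Min($x.Mask, $y.Mask)   # the less specific prefix decides overlap
    return (($x.Net -band $common) -eq ($y.Net -band $common))
}

Connect-AzAccount | Out-Null   # interactive sign-in; skip if a session already exists

foreach ($p in $OnPremPrefixes) {
    if (Test-PrefixOverlap $VnetPrefix $p) { throw "VNet $VnetPrefix overlaps on-premises range $p" }
}

New-AzResourceGroup -Name $ResourceGroup -Location $Location -Force | Out-Null

# Steps 4-11: virtual network with the server subnet and the gateway subnet
$subnets = @(
    New-AzVirtualNetworkSubnetConfig -Name 'default'       -AddressPrefix $ServerSubnet
    New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix $GatewaySubnet
)
$vnet = New-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroup `
            -Location $Location -AddressPrefix $VnetPrefix -Subnet $subnets

# Steps 22-23: public IP for the gateway (dynamic, as the portal creates for the Basic SKU)
$pip = New-AzPublicIpAddress -Name "$VnetName-GW-IP" -ResourceGroupName $ResourceGroup `
            -Location $Location -AllocationMethod Dynamic

$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipConf   = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig' -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id

# Steps 15-20 and 24: policy-based gateway, Basic SKU (provisioning can take up to 45 minutes)
$vng = New-AzVirtualNetworkGateway -Name "$VnetName-GW" -ResourceGroupName $ResourceGroup `
            -Location $Location -IpConfigurations $ipConf -GatewayType Vpn `
            -VpnType PolicyBased -GatewaySku Basic

# Steps 28-32: local network gateway = the on-premises device and the ranges behind it
$lng = New-AzLocalNetworkGateway -Name 'OnPrem-Site' -ResourceGroupName $ResourceGroup `
            -Location $Location -GatewayIpAddress $OnPremPublicIp -AddressPrefix $OnPremPrefixes

# Generate a random pre-shared key rather than typing one; show it once for the device side
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 24; $rng.GetBytes($bytes)
$psk   = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
Write-Host "Pre-shared key (enter this on the on-premises device): $psk"

# Steps 33-34 (and the Add connection steps in Chapter 2): the IPsec site-to-site connection
New-AzVirtualNetworkGatewayConnection -Name 'OnPrem-to-Azure' -ResourceGroupName $ResourceGroup `
    -Location $Location -VirtualNetworkGateway1 $vng -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $psk | Out-Null

# Same check as "Verify the VPN Connection": poll until the status is Connected
$attempts = 0
do {
    Start-Sleep -Seconds 30
    $status = (Get-AzVirtualNetworkGatewayConnection -Name 'OnPrem-to-Azure' `
                  -ResourceGroupName $ResourceGroup).ConnectionStatus
    Write-Host "Connection status: $status"
    $attempts++
} until ($status -eq 'Connected' -or $attempts -ge 20)
```

The status stays NotConnected until the on-premises device (Sophos, Meraki, Palo Alto or RRAS in the following sections) is configured with the same key and networks.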

Settings in Sophos UTM

1. Log on to Sophos UTM.
2. Select Site-to-Site VPN and click IPsec.
3. On the IPsec page, select Remote Gateway and click New Remote Gateway.
4. On the Add Remote Gateway page:
5. Name: Enter a descriptive name for this remote gateway.
6. Gateway type: Select Initiate connection.
7. Gateway: Click Add new network definition.
8. On the Add new network definition page:
9. Name: Enter the name AZUREGW.
10. Type: Select Host.
11. IPv4 Address: Enter the gateway IP address of Azure and then click Save.
12. Back on the Add Remote Gateway page:
13. Authentication type: Select Preshared key.
14. Key: Copy and paste the preshared key from Azure.
15. Repeat: Copy and paste the preshared key from Azure.
16. VPN ID type: Select IP Address.
17. Remote Networks: Click Add network definition.
18. On the Add network definition page:
19. Name: Type a name for the Azure network.
20. Type: Select Network.
21. Address: Enter the subnet of the Azure virtual network.
22. Netmask: Select the netmask of the Azure virtual network and then click Save.
23. Click Save on the Add Remote Gateway page.
24. Select the Policies tab and create a new policy for Azure.
25. On the Edit IPsec policy page:
26. Name: Type a policy name for the Azure policy.
27. IKE encryption algorithm: Select AES 256.
28. IKE authentication algorithm: Select SHA1.
29. IKE SA lifetime: Enter 7800.
30. IKE DH group: Select Group 2: MODP 1024.
31. IPsec encryption algorithm: Select 3DES.
32. IPsec authentication algorithm: Select SHA1.
33. IPsec SA lifetime: Select 3600.
34. IPsec PFS group: Select None and then click Save.
35. Select the Connections tab and create a new connection.
36. Click New IPsec connection….
37. On the Add IPsec connection page:
38. Name: Enter the connection name.
39. Remote Gateway: Select the gateway that we created.
40. Local Interface: Select WAN.
41. Policy: Select the policy that we created.
42. Local Networks: Enter the local Sophos UTM subnet.
43. Click Save.


Chapter 2

Cisco Meraki to Azure


Configuring Settings in Azure

1. Log on to the Azure portal and click +New.
2. In the Search the marketplace field, type Virtual Network and then press Enter.
3. Click Virtual Network, select Resource Manager from the Select a deployment model list and then click Create.
4. On the Create virtual network page, enter the name for your virtual network in the Name field.
5. In the Address space field, enter the address space. Make sure that the address space you specify does not overlap with the address space of your on-premises location.
6. In the Subnet name field, enter the subnet name.
7. In the Subnet address range field, enter the subnet address range, but don’t use all of the address space for this, because you need to reserve space for the gateway subnet.
8. In the Subscription field, verify that the subscription listed is the correct one. In the Resource group field, create a new one by typing a name for your new resource group.
9. In the Location field, select the location for your virtual network and then select Pin to dashboard.
10. After the virtual network is created, select Subnets and click +Gateway subnet.
11. In the Address range field, enter your gateway subnet and then click OK.
12. On the left side of the portal page, click +.
13. In the search field, type Virtual Network Gateway and then press Enter.
14. Click Virtual Network Gateway in Results and then click Create.
15. On the Create virtual network gateway page, type the virtual gateway name in the Name field.
16. Select VPN as the Gateway type.
17. Select Policy-based as the VPN type.
18. Select Computer Account and then click Next.
19. Select Local Computer and then click Finish.
20. Select Basic as the SKU.
21. Click Choose a virtual network in the Virtual network field and select the newly created virtual network.
22. Click Choose a public IP address in the Public IP address field, then click Create new.
23. Type the gateway IP address name in the Name field and then click OK.
24. Select Pin to dashboard and then click Create.
25. Select All resources in the Azure portal and click +Add.
26. Type local network gateway in the search box and then press Enter.
27. Select Local network gateway and click Create.
28. On the Create local network gateway page, type your on-premises site name in the Name field.
29. In the IP address field, type the public IP address of the VPN device at the on-premises site.
30. In the Address space field, type the on-premises IP address range.
31. In the Resource Group field, select Use existing and select the existing resource group name.
32. Select Pin to dashboard and then click Create.
33. On the dashboard of the Azure portal, select the Virtual Network Gateway that we created.
34. Select Connections and then click +Add.
35. On the Add connection page, type the Site-to-Site VPN name in the Name field.
36. Select Site-to-site (IPsec) as the Connection type.
37. In the Local network gateway field, select the local network gateway that we created.
38. Type the shared key in the Shared key (PSK) field. This shared key must match the one on your on-premises VPN device. Then click OK.


Configuring Settings in Cisco Meraki

1. Log on to the Cisco Meraki portal.
2. Select Security appliance and click Site-to-site VPN.
3. In the Site-to-site VPN field, select Hub.
4. In the VPN settings, select the local networks that you want to connect to Azure and then select Yes for Use VPN.
5. Select Automatic for NAT traversal.
6. On the Organization-wide settings page, click Add a peer under Non-Meraki VPN peers.
7. In the Public IP field, type the public IP address of the Azure Virtual Network Gateway.
8. In the IPsec policies field, click Default and change it to Azure.
9. Type the shared key in the Preshared secret field; this key must match the one configured in Azure.
10. Select All networks in the Availability field and then click Save Changes.


Verify the VPN Connection

1. Log on to the Azure portal.
2. Select the virtual network gateway and then click Connections.
3. Check the VPN status and make sure it is Connected.
4. Log on to the Cisco Meraki portal.
5. Select Security appliance and click VPN status.
6. Click Non-Meraki peer and make sure the VPN status is green.


Chapter 3

Palo Alto to Azure


Configuring Settings in Azure

1. Log on to the Azure portal and click +New.
2. In the Search the marketplace field, type Virtual Network and then press Enter.
3. Click Virtual Network, select Resource Manager from the Select a deployment model list and then click Create.
4. On the Create virtual network page, enter the name for your virtual network in the Name field.
5. In the Address space field, enter the address space. Make sure that the address space you specify does not overlap with the address space of your on-premises location.
6. In the Subnet name field, enter the subnet name.
7. In the Subnet address range field, enter the subnet address range, but don’t use all of the address space for this, because you need to reserve space for the gateway subnet.
8. In the Subscription field, verify that the subscription listed is the correct one. In the Resource group field, create a new one by typing a name for your new resource group.
9. In the Location field, select the location for your virtual network and then select Pin to dashboard.
10. After the virtual network is created, select Subnets and click +Gateway subnet.
11. In the Address range field, enter your gateway subnet and then click OK.
12. On the left side of the portal page, click +.
13. In the search field, type Virtual Network Gateway and then press Enter.
14. Click Virtual Network Gateway in Results and then click Create.
15. On the Create virtual network gateway page, type the virtual gateway name in the Name field.
16. Select VPN as the Gateway type.
17. Select Policy-based as the VPN type.
18. Select Computer Account and then click Next.
19. Select Local Computer and then click Finish.
20. Select Basic as the SKU.
21. Click Choose a virtual network in the Virtual network field and select the newly created virtual network.
22. Click Choose a public IP address in the Public IP address field, then click Create new.
23. Type the gateway IP address name in the Name field and then click OK.
24. Select Pin to dashboard and then click Create.
25. Select All resources in the Azure portal and click +Add.
26. Type local network gateway in the search box and then press Enter.
27. Select Local network gateway and click Create.
28. On the Create local network gateway page, type your on-premises site name in the Name field.
29. In the IP address field, type the public IP address of the VPN device at the on-premises site.
30. In the Address space field, type the on-premises IP address range.
31. In the Resource Group field, select Use existing and select the existing resource group name.
32. Select Pin to dashboard and then click Create.
33. On the dashboard of the Azure portal, select the Virtual Network Gateway that we created.
34. Select Connections and then click +Add.


Settings in Palo Alto

1. Log on to the Palo Alto firewall.
2. Select Network and click Interface.
3. On the Interface page, select Tunnel and click Add to create a tunnel interface.
4. Assign an IP on the same subnet as the Azure Gateway Subnet.
5. Select a virtual router and the appropriate security zone. Selecting a pre-existing zone that includes other servers may negate the need for new policies.
6. Go to Network and expand Network Profiles.
7. Select IPSec Crypto and click Add.
8. Create a new IPSec Crypto Profile for Azure to match the defined IKE Crypto (IKEv1 Phase-1) parameters and Lifetime value; for example, Azure’s lifetime of 3600 seconds may differ from other tunnels in the network. The correct selection for the DH Group is "no-pfs" for no perfect forward secrecy.
9. Select IKE Gateway and click Add.
10. Create an IKE Gateway, selecting the external interface of your Palo Alto Networks firewall and the IP of that interface as the "Local IP Address". This will match the VPN Gateway Address configured as the Local Address in Azure that you’re tunneling to. The Peer IP Address can be obtained from the Azure Virtual Network Dashboard of the same Azure Virtual Network. The Local Identification IP Address should match the Local IP Address on the same screen. The Pre-shared Key can be obtained by clicking "Manage Key" on the Azure Virtual Network Dashboard of the Azure Network. Then, simply copy and paste
11. Go to Network and select IPSec Tunnels.
12. Configure a new IPSec Tunnel with the newly created Tunnel Interface, IKE Gateway and IPSec Crypto Profile.
13. Go to the Proxy IDs tab and create at least one ID with the appropriate local and remote subnets. Local should match the defined "Local Networks" you configured in Azure with the appropriate gateway address of your Palo Alto Networks firewall IPSec tunnel endpoint. Remote should match the configured Azure address space.
14. Go to Network and select Virtual Routers.
15. Select Static Routes and click Add.
16. Create a route to direct traffic via the tunnel interface to the Azure Virtual Network.
17. At this point a ping to the Azure Virtual Network should bring the tunnel up.

Chapter 4

Configuring a S2S VPN with Microsoft RRAS to Azure

Configuring the RRAS Server’s NICs

1. Label one NIC to be External and one to be Internal.
2. Go into the properties of the External adapter.
3. Uncheck everything except for TCP/IPv4.
4. Go into the properties of TCP/IPv4 and configure:
   1. IP Address
   2. Gateway
   3. DNS Servers
   4. Advanced Settings -> WINS -> Disable NetBIOS over TCP
5. Click OK to close out the External adapter properties.
6. Go into the properties of the Internal adapter.
7. Uncheck TCP/IPv6.
8. Go into the properties of TCP/IPv4 and configure:
   1. IP Address
   2. DNS Servers


Configure the Roles on the RRAS Server

1. Open Server Manager. Select Manage -> Add Roles and Features.
2. On the Add Roles and Features Wizard:
3. Before You Begin: Click Next
4. Installation Type: Role-based -> Click Next
5. Server Selection: Select a server from the server pool -> RRAS-Server -> Click Next
6. Server Roles: Check Remote Access -> Click Next
7. Features: Click Next
8. Remote Access: Click Next
9. Role Services:
10. DirectAccess and VPN (RAS)
11. Click Add Features on the pop-up window
12. Routing
13. Click Next
14. Web Server Role (IIS): Click Next
15. Role Services
16. Accept Defaults: Click Next
17. Confirmation: Click Install

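The NIC preparation and role installation from the two sections above, done from an elevated PowerShell prompt on the RRAS server instead of the GUI, as an added example for this page (not the authors’ own script). Adapter names, addresses, gateway and DNS servers are constructed placeholders to replace with your own.

```powershell
# Added example: prepare the RRAS server's NICs and install the Remote Access role.
# Run elevated on the RRAS server. Adapter names, addresses, gateway and DNS servers
# below are constructed placeholders for this example.
#Requires -RunAsAdministrator

$ExternalIp   = '203.0.113.20'; $ExternalGw = '203.0.113.1'   # TEST-NET-3 placeholders
$InternalIp   = '192.168.10.2'
$PrefixLength = 24
$DnsServers   = @('192.168.10.10', '192.168.10.11')

# Step 1: label the two adapters. Replace 'Ethernet' / 'Ethernet 2' with the names
# Get-NetAdapter shows on your server.
Rename-NetAdapter -Name 'Ethernet'   -NewName 'External'
Rename-NetAdapter -Name 'Ethernet 2' -NewName 'Internal'

# Steps 2-3: on External, unbind everything except IPv4 (component ms_tcpip). The
# Internet-facing NIC should expose no file sharing, client, LLDP or IPv6 bindings.
Get-NetAdapterBinding -Name 'External' |
    Where-Object { $_.Enabled -and $_.ComponentID -ne 'ms_tcpip' } |
    Disable-NetAdapterBinding

# Step 4 (1-3): static IPv4 address, default gateway and DNS servers on External
Remove-NetRoute -InterfaceAlias 'External' -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetIPAddress -InterfaceAlias 'External' -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias 'External' -IPAddress $ExternalIp -PrefixLength $PrefixLength `
                 -DefaultGateway $ExternalGw | Out-Null
Set-DnsClientServerAddress -InterfaceAlias 'External' -ServerAddresses $DnsServers

# Step 4 (4): disable NetBIOS over TCP/IP on External (TcpipNetbiosOptions 2 = disabled)
$ifIndex = (Get-NetAdapter -Name 'External').ifIndex
$cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "InterfaceIndex = $ifIndex"
Invoke-CimMethod -InputObject $cfg -MethodName SetTcpipNetbios `
                 -Arguments @{ TcpipNetbiosOptions = [uint32]2 } | Out-Null

# Steps 6-8: Internal keeps its bindings apart from IPv6; no default gateway on the inside NIC
Disable-NetAdapterBinding -Name 'Internal' -ComponentID 'ms_tcpip6'
Remove-NetIPAddress -InterfaceAlias 'Internal' -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias 'Internal' -IPAddress $InternalIp -PrefixLength $PrefixLength | Out-Null
Set-DnsClientServerAddress -InterfaceAlias 'Internal' -ServerAddresses $DnsServers

# Roles section: Remote Access with the DirectAccess and VPN (RAS) and Routing role
# services; the Web Server (IIS) dependency is pulled in automatically, as the wizard does.
Install-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools

# Check that only the intended bindings remain enabled on each adapter
Get-NetAdapterBinding -Name 'External', 'Internal' | Where-Object Enabled |
    Select-Object Name, DisplayName, ComponentID | Format-Table -AutoSize
```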

Configuring the Azure VPN


Instructions Screenshot (if applicable)

1. Go to Virtual Networks and click Add.
2. On the Create virtual network blade fill in the following:
3. Name - RRAS-S2S-Vnet
4. Address space - 10.2.0.0/16
5. There will need to be 2 subnets created, so the address space here will have to be big enough for your 2 subnets. I am going to have 2 /24 subnets under this to help clarify the differences between the 2 subnets.
6. Subnet name - default
7. This is the subnet you will use for your Azure VMs.
8. Subnet address range - 10.2.0.0/24
9. This is the address range that will be used for the Azure VMs.
10. Subscription - pick your subscription
11. Resource group - S2S-Test
12. This is creating a resource group that we will use for the rest of the resources.
13. Location - Pick the location you want your Virtual Network to reside in.
14. Click Create.
15. Next you need to create a subnet for the virtual network gateway. Click on Virtual Networks.
16. On the Virtual Networks blade click the RRAS-S2S-Vnet network. Then click on All settings -> Subnets -> Add.
17. On the Add subnet blade fill in the following:
18. Name - GatewaySubnet
19. This has to be the name of the subnet for the Virtual Network Gateway.
20. Address Range - 10.2.1.0/24
21. This is the IP range for the RRAS server to use.
22. Click OK
23. After the Virtual Network is deployed click on Virtual network gateways.
24. Click on Add
25. On the Create virtual network gateway blade type in the name of the virtual network gateway, RRAS-S2S-VnetGW. Then click Choose virtual network and select the RRAS-S2S-Vnet virtual network.
26. Back on the Create virtual network gateway blade click Choose a public IP address. Then on the Choose public IP address blade click Create new.
27. On the Create public IP address blade type in the name for the public IP address resource and click OK.
28. Back on the Create virtual network gateway blade select the following:
29. Gateway type: VPN
30. VPN type: Route-based
31. Subscription: your Azure subscription
32. Click on Select existing under Resource group and then on the Resource group blade select S2S-Test, click OK.
33. Back on the Create virtual network gateway blade select East US as the Location and then click OK.
34. Back on the Create virtual network gateway blade review the options and then click Create.
35. After the Virtual Network Gateway is created select Virtual network gateways and then select RRAS-S2S-VnetGW. The settings blade will appear. Make note of the Public IP address; this will be needed later.
36. Next go to Local network gateways and click Add.
37. On the Create local network gateway blade enter the following information:
38. Name: RRAS-S2S-LclNetGW
39. IP address: Enter the public IP address of the network that the RRAS server is on
40. Address space: This is where the on-prem network address space is set (e.g. 192.168.1.0/24).
41. Subscription: Select your Azure subscription
42. Resource group: S2S-Test
43. Location: East US
44. Click Create.
45. After the Local network gateway is created, go to Local network gateways -> RRAS-S2S-LclNetGW -> Settings -> Connections.
46. Click Add.
47. On the Add connection blade fill in the following:
48. Name: RRAS-S2S-LclNetGW-Connection
49. Connection type: Site-to-site (IPsec)
50. Virtual network gateway: RRAS-S2S-VnetGW
51. Local network gateway: RRAS-S2S-LclNetGW
52. Shared key (PSK): Enter any alphanumeric key as the key
53. Resource group: S2S-Test
54. Location: East US
55. Click OK.
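The same Azure resources built above in the portal (virtual network with the default and GatewaySubnet subnets, route-based VPN gateway, local network gateway and the IPsec connection), created with Azure PowerShell instead. This is an added example, not code from the book; it assumes the Az module is installed and Connect-AzAccount has been run. The public IP resource name RRAS-S2S-VnetGW-pip and the IP configuration name gwipconfig are my own choices, the on-premises public IP is a placeholder, and the shared key is generated randomly rather than typed, since a short hand-picked PSK is the weakest part of an IPsec site-to-site setup.

```powershell
# Added example (not from the book): the portal steps above as Azure PowerShell (Az module).
# Assumes Connect-AzAccount has been run. The public IP name 'RRAS-S2S-VnetGW-pip' and the IP
# configuration name 'gwipconfig' are my own choices; the on-prem public IP is a placeholder.
$rg             = 'S2S-Test'
$location       = 'East US'
$onPremPublicIp = '203.0.113.10'      # placeholder: public IP the RRAS server sits behind
$onPremSpace    = '192.168.1.0/24'    # on-prem address space, as used in the walkthrough

# Generate a 64-character hex PSK (alphanumeric, as the portal expects) instead of typing one.
# Record it once for the RRAS side; do not keep it in scripts or source control.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = -join ($bytes | ForEach-Object { $_.ToString('x2') })

New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# Two /24 subnets carved from 10.2.0.0/16; the gateway subnet must be named GatewaySubnet.
$vmSubnet = New-AzVirtualNetworkSubnetConfig -Name 'default'       -AddressPrefix '10.2.0.0/24'
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.2.1.0/24'
$vnet = New-AzVirtualNetwork -Name 'RRAS-S2S-Vnet' -ResourceGroupName $rg -Location $location `
            -AddressPrefix '10.2.0.0/16' -Subnet $vmSubnet, $gwSubnet

# Public IP for the gateway (Standard SKU, static) and the route-based VPN gateway.
# Gateway creation typically takes 30-45 minutes.
$pip = New-AzPublicIpAddress -Name 'RRAS-S2S-VnetGW-pip' -ResourceGroupName $rg -Location $location `
            -Sku Standard -AllocationMethod Static
$gwSubnetId = (Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet).Id
$ipConfig = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig' -SubnetId $gwSubnetId `
            -PublicIpAddressId $pip.Id
$vng = New-AzVirtualNetworkGateway -Name 'RRAS-S2S-VnetGW' -ResourceGroupName $rg -Location $location `
            -IpConfigurations $ipConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

# Local network gateway: the on-prem side (RRAS public IP and on-prem address space).
$lng = New-AzLocalNetworkGateway -Name 'RRAS-S2S-LclNetGW' -ResourceGroupName $rg -Location $location `
            -GatewayIpAddress $onPremPublicIp -AddressPrefix $onPremSpace

# Site-to-site IPsec connection between the two gateways, authenticated with the PSK.
New-AzVirtualNetworkGatewayConnection -Name 'RRAS-S2S-LclNetGW-Connection' -ResourceGroupName $rg `
    -Location $location -VirtualNetworkGateway1 $vng -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $psk | Out-Null

# Values needed on the RRAS server: the gateway's public IP (demand-dial destination) and the PSK.
"Azure gateway public IP : " + (Get-AzPublicIpAddress -Name 'RRAS-S2S-VnetGW-pip' -ResourceGroupName $rg).IpAddress
"Shared key (enter on RRAS): $psk"

# Connection status stays NotConnected until the RRAS side dials; re-run this line to check later.
(Get-AzVirtualNetworkGatewayConnection -Name 'RRAS-S2S-LclNetGW-Connection' -ResourceGroupName $rg).ConnectionStatus
```

The local network gateway's address prefix is what Azure will route back through the tunnel, so it must match the on-premises range exactly; an address space that overlaps 10.2.0.0/16 will fail at the VNet level. The ConnectionStatus value is the quickest way to confirm the tunnel from the Azure side once the RRAS interface has connected.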


Configure Routing and Remote Access



1. Open up Routing and Remote Access.
2. Welcome to the Demand-Dial Interface Wizard: Click Next
3. Interface Name: Type in Azure S2S, click Next
4. Connection Type: Select Connect using virtual private network (VPN), click Next
5. VPN Type: Select IKEv2, click Next
6. Destination Address: Enter the Public IP address of the Azure Virtual Network Gateway, click Next
7. Protocols and Security: Check Route IP packets on this interface, click Next
8. Static Routes for Remote Networks: Click Add
9. Static Route: Select Remote Network Support using IPv4:
10. Destination: 10.2.0.0
11. Network Mask: 255.255.255.0
12. Metric: 24
13. Click OK
14. Click Next
15. Dial-Out Credentials: Type Azure for the User name, click Next
16. Completing the Demand-Dial Interface Wizard: Click Finish
17. In the Routing and Remote Access window select RRAS-Server -> Network Interfaces. Right-click on Azure S2S and select Properties.
18. Select the Security tab and under Authentication select Use preshared key for authentication. Type in the preshared key that was entered on the RRAS-S2S-LclNetGW-Connection. Click OK.
19. Right-click on the Azure S2S network interface and click Connect.
20. After it connects open up a command prompt and ping 10.2.0.0. You should get a response.
21. Now any Azure VM that you put on RRAS-S2S-Vnet will be able to communicate directly with your on-premises systems.
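The RRAS side of the walkthrough, covering both the role installation from the Server Manager wizard earlier in the chapter and the demand-dial interface steps just above, done with the ServerManager and RemoteAccess cmdlets on RRAS-Server. This is an added example and not code from the book. It assumes you run it elevated on the RRAS server; the Azure gateway public IP and the shared key are placeholders that must match what was recorded from the Azure virtual network gateway and entered on the RRAS-S2S-LclNetGW-Connection.

```powershell
# Added example (not from the book): installs the roles from the Server Manager wizard and
# builds the 'Azure S2S' demand-dial interface with the RemoteAccess cmdlets instead of the
# wizard. Run on RRAS-Server as an administrator. The gateway IP and PSK are placeholders
# that must match what the Azure connection was created with.
$azureGwIp = '198.51.100.20'   # placeholder: Public IP address of RRAS-S2S-VnetGW
$psk       = 'REPLACE-WITH-THE-SHARED-KEY-FROM-RRAS-S2S-LclNetGW-Connection'

# Remote Access role with DirectAccess and VPN (RAS) plus Routing; IIS is pulled in as a dependency.
Install-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools

# Configure RRAS for site-to-site VPN (skipped if the server is already configured for S2S).
if ((Get-RemoteAccess).VpnS2SStatus -ne 'Installed') {
    Install-RemoteAccess -VpnType VpnS2S
}

# IKEv2 demand-dial interface to the Azure gateway, PSK authentication, and the same static
# route the wizard adds: 10.2.0.0/24 (the VM subnet) over the tunnel with metric 24.
Add-VpnS2SInterface -Name 'Azure S2S' -Protocol IKEv2 -Destination $azureGwIp `
    -AuthenticationMethod PSKOnly -SharedSecret $psk -IPv4Subnet '10.2.0.0/24:24'

# Bring the tunnel up and verify it from both the RRAS and the IPsec side.
Connect-VpnS2SInterface -Name 'Azure S2S'
Get-VpnS2SInterface -Name 'Azure S2S' | Select-Object Name, ConnectionState, Destination, IPv4Subnet
Get-NetIPsecQuickModeSA | Select-Object LocalEndpoint, RemoteEndpoint

# Only 10.2.0.0/24 is routed through this interface, so test against a VM on the default subnet.
Test-NetConnection -ComputerName 10.2.0.4   # placeholder: an Azure VM on the default subnet
```

The -IPv4Subnet value uses the prefix:metric form, so additional Azure subnets each need their own entry; the wizard route above covers only the default subnet, not the whole 10.2.0.0/16 address space. For IKEv2 to complete, the on-premises firewall must allow UDP 500 and 4500 between the RRAS public address and the Azure gateway public IP, and the IP address set on the local network gateway in Azure must be the address RRAS actually presents from behind that firewall.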


That will do it for this great resource brought to you by the amazing authors of MVPDays
Publishing. We really hope you enjoy it and as always we welcome your feedback and input.


Contact Us

Join us at MVPDays and meet great MVP’s like this in person
If you liked their book, you will love to hear them in person.

Live Presentations
Dave frequently speaks at Microsoft conferences around North America, such as TechEd,
VeeamOn, TechDays, and MVPDays Community Roadshow.

Cristal runs the MVPDays Community Roadshow.

You can find additional information on the following blog:

www.checkyourlogs.net

www.mvpdays.com

Video Training
For video-based training, see the following site:

www.mvpdays.com


Live Instructor-led Classes


Dave has been a Microsoft Certified Trainer (MCT) for more than 15 years and presents
scheduled instructor-led classes in the US and Canada. For current dates and locations, see the
following sites:

• www.truesec.com

• www.checkyourlogs.net

Consulting Services
Dave and Cristal have worked with some of the largest companies in the world and have a
wealth of experience and expertise. Customer engagements are typically between two weeks
and six months.


Twitter
Dave, Cristal, Émile, and Cary tweet on Twitter under the following aliases:

• Dave Kawula: @DaveKawula

• Cristal Kawula: @SuperCristal1

• Émile Cabot: @Ecabot

• Cary Sun: @SifuSun
