MVPDays Publishing
http://www.mvpdays.com
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any
means without the prior written permission of the publisher.
ISBN: TBA
Feedback Information
We’d like to hear from you! If you have any comments about how we could improve the quality
of this book, please don’t hesitate to contact us by visiting www.checkyourlogs.net or sending an
email to feedback@mvpdays.com.
Acknowledgements
From Dave
Cristal, you are my rock and my source of inspiration. For the past 20+ years you have been
there with me every step of the way. Not only are you the “BEST Wife” in the world, you are my
partner in crime. Christian, Trinity, Keira, Serena, Mickaila and Mackenzie, you kids are so patient
with your dear old dad when he locks himself away in the office for yet another book. Taking the
time to watch you grow in life, sports, and become little leaders of this new world is incredible to
watch.
Thank you, Mom and Dad (Frank and Audry) and my brother Joe. You got me started in this crazy
IT world when I was so young. Brother, you mentored me along the way both coaching me in
hockey and helping me learn what you knew about PC’s and Servers. I’ll never forget us as
teenage kids working the IT Support contract for the local municipal government. Remember
dad had to drive us to site because you weren’t old enough to drive ourselves yet. A great
career starts with the support of your family and I’m so lucky because I have all the support one
could ever want.
A book like this filled with amazing Canadian MVP’s would not be possible without the support
from the #1 Microsoft Community Program Manager – Simran Chaudry. You have guided us
along the path and helped us to get better at what we do every day. Your job is tireless and
your passion and commitment make us want to do what we do even more.
Last but not least, the MVPDays volunteers, you have donated your time and expertise and
helped us run the event in over 20 cities across North America. Our latest journey has us
expanding the conference worldwide as a virtual conference. For those of you that will read this
book, your potential is limitless; just expand your horizons and you never know where life will take
you.
About the Authors
Dave is well-known in the community as an evangelist for Microsoft, 1E, and Veeam
technologies. Locating Dave is easy as he speaks at several conferences and sessions each year,
including TechEd, Ignite, MVP Days Community Roadshow, and VeeamOn.
Recently Dave has been honored to take on the role of Conference Co-Chair of TechMentor with
fellow MVP Sami Laiho. The lineup of speakers and attendees that have been to this conference
over the past 20 years is really amazing. Come down to Redmond or Orlando in 2018 and you
can meet him in person.
As the founder and Managing Principal Consultant at TriCon Elite Consulting, Dave is a leading
technology expert for both local customers and large international enterprises, providing optimal
guidance and methodologies to achieve and maintain an efficient infrastructure.
BLOG: www.checkyourlogs.net
Twitter: @DaveKawula
Cary Sun – CCIE #4531
Cary Sun is CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) and MCSE, MCIPT, Citrix
CCA with over twenty years in the planning, design, and implementation of network technologies
and Management and system integration. Background includes hands-on experience with multi-
platform, all LAN/WAN topologies, network administration, E-mail and Internet systems, security
products, PCs and Servers environment. Expertise analyzing user’s needs and coordinating
system designs from concept through implementation. Exceptional analysis, organization,
communication, and interpersonal skills. Demonstrated ability to work independently or as an
integral part of team to achieve objectives and goals. Specialties: CCIE /CCNA / MCSE / MCITP /
MCTS / MCSA / Solution Expert / CCA
Cary is a very active blogger at checkyourlogs.net and always available online for questions
from the community. His passion about technology is contagious and he makes everyone around
him better at what they do.
Blog: www.checkyourlogs.net
Twitter: @SifuSun
Technical Editors
Cristal Kawula – MVP
Cristal Kawula is the co-founder of MVPDays Community Roadshow and #MVPHour live Twitter
Chat. She was also a member of the Gridstore Technical Advisory board and is the President of
TriCon Elite Consulting. Cristal is also only the 2nd Woman in the world to receive the prestigious
Veeam Vanguard award.
Cristal can be found speaking at Microsoft Ignite, MVPDays, and other local user groups. She is
extremely active in the community and has recently helped publish a book for other Women
MVP’s called Voices from the Data Platform.
BLOG: http://www.checkyourlogs.net
Twitter: @supercristal1
He actively volunteers as a member of the Canadian Ski Patrol, providing over 250 hours each
year for first aid services and public education at Castle Mountain Resort and in the community.
BLOG: http://www.checkyourlogs.net
Twitter: @ecabot
Contents
Acknowledgements
  From Dave
Contents
Introduction
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Contact Us
  Join us at MVPDays and meet great MVP’s like this in person
  Live Presentations
  Video Training
  Live Instructor-led Classes
  Consulting Services
  Twitter
Introduction North American MVPDays Community Roadshow
Introduction
MVPDays was founded by Cristal and Dave Kawula back in 2013. It started as a simple idea:
“There’s got to be a good way for Microsoft MVPs to reach the IT community and share their
vast knowledge and experience in a fun and engaging way.” I mean, what is the point in
recognizing these bright and inspiring individuals, and not leveraging them to inspire the
community that they are a part of?
Anyone that has an interest in technology, is eager to learn, and wants to meet other like-minded
individuals. This Roadshow is not just for Microsoft MVPs; it is for anyone in the IT
Community.
Make sure you check out the MVPDays website at: www.mvpdays.com. You never know, maybe
the roadshow will be coming to a city near you.
The goal of this particular book is to show you how to create your Azure Site-to-Site VPNs across a
variety of different hardware platforms.
Sample Files
All sample files for this book can be downloaded from www.checkyourlogs.net and
www.github.com/dkawula
Additional Resources
In addition to all tips and tricks provided in this book, you can find extra resources like articles
and video recordings on our blog http://www.checkyourlogs.net.
Chapter 1 Sophos UTM Firewall to Azure
Chapter 1
8. In the Subscription field, verify that the subscription listed is the correct one. In the
Resource group field, create a new one by typing a name for your new resource group.
Chapter 2 Cisco Meraki to Azure
Chapter 2
1. Log on to the Cisco Meraki portal.
2. Select Security appliance and click Site-to-site VPN.
3. In the Site-to-site VPN field, select Hub.
4. On the VPN settings, select the local networks that you want to connect to Azure and then
select yes for Use VPN.
6. On the Organization-wide settings page, click add a peer in the Non-Meraki VPN peers.
5. Select Security appliance and click VPN status.
6. Click Non-Meraki peer and make sure the VPN status is green.
Chapter 3 Palo Alto to Azure
Chapter 3
8. In the Subscription field, verify that the subscription listed is the correct one. In the
Resource group field, create a new one by typing a name for your new resource group.
3. On the Interface page, select Tunnel and click Add to create Tunnel Interface.
5. Select a virtual router and the appropriate security zone. Selecting a pre-existing zone,
that includes other servers, may negate the need for new policies.
8. Create a new IPSec Crypto Profile for Azure to match the defined IKE Crypto (IKEv1
Phase-1) parameters and Lifetime value. For example, Azure's lifetime may be 3600
seconds, which is different from other tunnels in the network. The correct selection
for the DH Group is "no-pfs" for no perfect forward secrecy.
10. Create an IKE Gateway selecting the external interface of your Palo Alto Networks
firewall and the IP of that interface for "Local IP Address". This will match the VPN
Gateway Address configured on the Local Address in Azure that you're tunneling to.
The Peer IP Address can be obtained from the Azure Virtual Network Dashboard of the
same Azure Virtual Network. The Local Identification IP Address should match the
Local IP Address on the same screen. The Pre-shared Key can be obtained by clicking
"Manage Key" on the Azure Virtual network Dashboard of the Azure Network. Then,
simply copy and paste
12. Configure a new IPSec Tunnel with the newly created Tunnel Interface, IKE Gateway
and IPSec Crypto Profile.
13. Go to the Proxy IDs tab and create at least one ID with the appropriate local and
remote subnets. Local should match the defined "Local Networks" you configured in
Azure with the appropriate gateway address of your Palo Alto Networks firewall IPSec
tunnel endpoint. Remote should match the configured Azure address space.
16. Create a route to direct traffic via the tunnel interface to the Azure Virtual Network.
17. At this point a ping to the Azure Virtual Network should bring the tunnel up.
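The matching requirements in steps 8 and 13 (lifetime, PFS setting, proxy ID subnets) can be compared before the tunnel is brought up. The following is an added example, not taken from the book or from Palo Alto Networks or Microsoft tooling; the dictionary layout, key names and sample addresses are constructed for illustration, and it assumes a proxy ID must equal the range configured in Azure rather than merely fall inside it.

```python
import ipaddress

# Constructed sample values. The dictionary layout and key names are
# hypothetical; they are not a PAN-OS or Azure export format.
AZURE = {
    "local_networks": ["192.168.10.0/24"],  # on-premises ranges defined in Azure
    "address_space": ["10.2.0.0/16"],       # Azure virtual network address space
    "lifetime_s": 3600,
    "pfs": False,
}
FIREWALL = {
    "proxy_ids": [{"local": "192.168.10.0/24", "remote": "10.2.0.0/24"}],
    "lifetime_s": 28800,
    "dh_group": "no-pfs",
}

def _nets(cidrs):
    # Strict parsing rejects entries with host bits set, e.g. 10.2.0.1/16.
    return {ipaddress.ip_network(c) for c in cidrs}

def check_tunnel(azure, fw):
    """Return a list of mismatches between the firewall and Azure settings."""
    problems = []
    if fw["lifetime_s"] != azure["lifetime_s"]:
        problems.append(f"lifetime {fw['lifetime_s']}s != Azure {azure['lifetime_s']}s")
    if (fw["dh_group"] != "no-pfs") != azure["pfs"]:
        problems.append(f"PFS setting differs (DH group {fw['dh_group']})")
    if not fw["proxy_ids"]:
        problems.append("no proxy ID defined")
    sides = (("local", _nets(azure["local_networks"])),
             ("remote", _nets(azure["address_space"])))
    for n, pid in enumerate(fw["proxy_ids"], 1):
        for side, wanted in sides:
            net = ipaddress.ip_network(pid[side])
            if net in wanted:
                continue
            # Assumption of this example: a subnet of the configured range
            # is still reported, because the two sides are not equal.
            inside = any(w.version == net.version and net.subnet_of(w) for w in wanted)
            note = " (inside the range, but not equal to it)" if inside else ""
            problems.append(f"proxy ID {n} {side} {net} not configured in Azure{note}")
    return problems

if __name__ == "__main__":
    for p in check_tunnel(AZURE, FIREWALL):
        print("MISMATCH:", p)
```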
Chapter 4 Configuring a S2S VPN with Microsoft RRAS to Azure
Chapter 4
3. Uncheck everything except for TCP/IPv4.
4. Go into the properties of TCP/IPv4 and configure:
   1. IP Address
   2. Gateway
   3. DNS Servers
   4. Advanced Settings -> WINS -> Disable NetBIOS over TCP
7. Uncheck TCP/IPv6.
8. Go into the properties of TCP/IPv4 and configure:
   1. IP Address
   2. DNS Servers
1. Open Server Manager. Select Manage -> Add Roles and Features.
2. On the Add Roles and Features Wizard
3. Before You Begin: Click Next
4. Installation Type: Role-based -> Click Next
5. Server Selection: Select a server from the server pool -> RRAS-Server -> Click Next
6. Server Roles: Check Remote Access -> Click Next
7. Features: Click Next
8. Remote Access: Click Next
9. Role Services:
10. Direct Access and VPN (RAS)
11. Click Add Features on the pop-up window
12. Routing
13. Click Next
1. Go to Virtual Networks and click Add.
2. On the Create virtual network blade fill in the following:
3. Name - RRAS-S2S-Vnet
4. Address space - 10.2.0.0/16
5. There will need to be 2 subnets created so the address space here will have to be big
enough for your 2 subnets. I am going to have 2 /24 subnets under this to help clarify the
differences in the 2 subnets.
6. Subnet name - default
7. This is the subnet you will use for your Azure VMs.
8. Subnet address range - 10.2.0.0/24
9. This is the address range that will be
1. Open up Routing and Remote Access.
2. Welcome to the Demand-Dial Interface Wizard: Click Next
3. Interface Name: Type in Azure S2S, click Next
4. Connection Type: Select Connect using virtual private network (VPN), click Next
5. VPN Type: Select IKEv2, click Next
6. Destination Address: Enter in the Public IP address of the Azure Virtual Network Gateway,
click Next
7. Protocols and Security: Check Route IP packets on this interface, click Next
8. Static Routes for Remote Networks: Click Add
9. Static Route: Select Remote Network Support using IPv4:
10. Destination: 10.2.0.0
11. Network Mask: 255.255.255.0
12. Metric: 24
13. Click OK
14. Click Next
15. Dial-Out Credentials: Type Azure for the User name, click Next
16. Completing the Demand-Dial Interface Wizard: Click Finish
17. In the Routing and Remote Access window select RRAS-Server -> Network Interfaces. Right-
That will do it for this great resource brought to you by the amazing authors of MVPDays
Publishing. We really hope you enjoy it and as always we welcome your feedback and input.
Contact Us Join us at MVPDays and meet great MVP’s like this in person
Contact Us
Live Presentations
Dave frequently speaks at Microsoft conferences around North America, such as TechEd,
VeeamOn, TechDays, and MVPDays Community Roadshow.
www.checkyourlogs.net
www.mvpdays.com
Video Training
For video-based training, see the following site:
www.mvpdays.com
www.truesec.com
www.checkyourlogs.net
Consulting Services
Dave and Cristal have worked with some of the largest companies in the world and have a
wealth of experience and expertise. Customer engagements are typically between two weeks
and six months.
Twitter
Dave, Cristal, Émile, and Cary on Twitter tweet on the following aliases: