Microsoft Azure Training 12 – Azure Virtual Networks – Part 6 – Point-to-site VPN (Exam 70-533)
This is the Part 6 of the Azure Virtual Networks session. In this session I go hands on in providing a demo on how to establish a Point-to-site VPN from your PC to an Azure VNet.
Please subscribe to the channel to stay updated about the training series. Also please comment on the training videos. Thank you!
You will require the makecert utility to practice along this session and it can be downloaded from here [makecert]
Hi Shawn, excellent work!
Just a few questions – you mentioned that if we needed our own DNS handler, we should build our own DC, should this be built within a VNET or can it sit outside? what is the best practise.
Also in terms of Internet routing, I’d like all my VM instances to only be locally accessible via VPN tunnels, and have internet traffic pass via a NAT or a public subnet. What would be the best way of doing this?
I’m from an AWS background and this can be achieved through a combination of routing tables assigned to subnets, essentially creating a public subnet and a private subnet. A NAT server is that used to pass internet traffic for instances that sit on the private subnet.
What is the best way of doing this on Azure?
Hi Abz,
A VNet should be built first. When you provision the DC VM it should be part of that VNet. Make sure the DC VM has a static/reserved DIP (best practice for DC). Once the VM has been provisioned and you have configured it as a DC with the DNS role, go back to the VNet and set the DNS of the VNet with the IP of the DC.
Just remove the public endpoints of those VMs and they will only be accessible on the VNet subnet locally or the VPN tunnels by their DIPs. Your VNet and the Subnet within is private. By default all the internet traffic will NAT-ed out through the Cloud Services using the VIP. You do not need any further configuration to do this.
/Shawn
Excellent – thanks Shawn!