SITE-TO-SITE VPN CONNECTION FROM ON-PREM TO AZURE VM

USING DEMAND-DIAL IN RRAS

Requirements:

1) Create 2 servers on-prem from the Windows Server 2016 ISO file.

2) Create a VM server on Azure from the same Windows Server 2016 ISO file, within a resource group in Azure.

3) Connections: Virtual Network (Azure), Gateway Subnet (Azure), Virtual Network Gateway (VNG, Azure), Local Network Gateway (LNG, Azure).

Steps:

1) Create 2 servers on-prem from the Windows Server 2016 ISO file, where one server has only the AD (Active Directory) role and the other has only the RRAS (Routing and Remote Access Service) role. The AD server is the PDC (Primary Domain Controller) and the RRAS server is the ADC (Additional Domain Controller), under the domain ‘abc.com’ created on the AD server. (Ping both servers and the domain to check connectivity.)

2) Create a VM server on Azure from the Windows Server 2016 ISO file within a resource group on Azure. (You may use any region when creating the VM, but make sure the same region is used when creating the VNG, the LNG and the connection.)

3) After starting all 3 servers, make sure their time zones match so they stay in sync. (TO BE NOTED)

4) Turn off the firewall on all the servers.

5) While creating the VM on Azure, the system automatically creates a virtual network for the VM, and it automatically creates a subnet (within that virtual network) and assigns it to the VM.

6) Now create the VNG on Azure: give it a name in the Azure portal, then select the resource group; the portal will automatically create the gateway subnet and assign it to the VNG. Also create a public IP for the VNG as part of the same process. (Creation takes around 25 minutes.)

7) Now create the LNG on Azure: give it a name in the Azure portal, select the resource group, then provide the public IP of the on-prem server. To find it, open Google Chrome, search for “what is my ip”, click the first link and copy that IP.

8) Open the RRAS server and, in Server Manager, click Tools and select Routing and Remote Access, then right-click the item circled in the image below and click ‘Enable Routing and Remote Access’.

Now right-click Network Interfaces (shown in the image below) and click ‘New Demand-dial Interface’.

Give it a name.


Set the same configuration as shown below.


In the field below, enter the public IP created while deploying the VNG.


Below, add the IP range of the Azure VM’s network as the destination, with its network mask and metric.


After this, click OK and then click Next.


Do not add any information in the above phase; click Next directly.


Now right-click the new demand-dial interface and click Properties.


Select Persistent connection in the Options tab.


Now in Security, select ‘Use preshared key for authentication’ and type a password; the same key must be entered in the connection option of the VNG. Click OK.

9) Now go to the VNG settings, click Connections, then click Add. Provide a name, select the VNG and the LNG from the dropdown lists, enter the same preshared key as entered in the demand-dial properties and click Create.

10) Once the connection is created, go to the RRAS server where we created the new demand-dial interface, right-click it and click Connect. Once it is connected, go to the Azure site to check the connection status of the new connection (IT MIGHT TAKE 2-3 MINUTES); the status will then show as Connected.

11) Now you can ping the private IP of the Azure VM from any of your on-prem servers and vice versa.
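
Added example, not part of the original guide: the demand-dial interface of step 8 built with the RemoteAccess PowerShell module on the RRAS server, with a randomly generated pre-shared key instead of a hand-typed password, plus the connect and ping checks of steps 10 and 11. The interface name, the VNG public IP, the Azure address range and the VM private IP are placeholders; IKEv2 is assumed for the interface protocol, which is what a route-based Azure VPN gateway uses.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell on the
# on-prem RRAS server. All addresses below are placeholders; replace them with your own.

$VngPublicIp      = '203.0.113.10'   # placeholder: public IP created with the VNG (step 6)
$AzureVnetRange   = '10.0.0.0/16'    # placeholder: address space of the Azure virtual network
$AzureVmPrivateIp = '10.0.0.4'       # placeholder: private IP of the Azure VM (step 11 ping)
$InterfaceName    = 'AzureS2S'       # name of the demand-dial interface

# Role installation and 'enable routing and remote access' for site-to-site VPN (step 8).
if (-not (Get-WindowsFeature -Name RemoteAccess).Installed) {
    Install-WindowsFeature -Name RemoteAccess, Routing, RSAT-RemoteAccess -IncludeManagementTools | Out-Null
}
$ra = Get-RemoteAccess -ErrorAction SilentlyContinue
if (-not $ra -or $ra.VpnS2SStatus -ne 'Installed') {
    Install-RemoteAccess -VpnType VpnS2S
}

# Pre-shared key from a CSPRNG rather than "some password": 32 random bytes, Base64-encoded
# and reduced to alphanumerics so it pastes cleanly into the Azure portal in step 9.
function New-StrongPsk {
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return ([Convert]::ToBase64String($bytes) -replace '[^A-Za-z0-9]', '')
}
$Psk = New-StrongPsk

# Demand-dial interface: IKEv2 to the VNG public IP, PSK authentication, persistent connection,
# and a static route for the Azure address space (the destination, mask and metric of step 8).
Add-VpnS2SInterface -Name $InterfaceName -Protocol IKEv2 -Destination $VngPublicIp `
    -AuthenticationMethod PSKOnly -SharedSecret $Psk `
    -IPv4Subnet "${AzureVnetRange}:100" -Persistent | Out-Null

# The same key goes into the Azure connection (step 9); treat it as a secret, not a chat message.
Write-Host "Enter this pre-shared key in the Azure connection (step 9): $Psk"

# Steps 10 and 11: run only after the Azure connection exists. Connects the interface,
# reports its state, then pings the Azure VM's private IP through the tunnel.
function Test-AzureTunnel {
    Connect-VpnS2SInterface -Name $InterfaceName
    $iface = Get-VpnS2SInterface -Name $InterfaceName
    Write-Host ("Interface {0} -> {1}: {2}" -f $iface.Name, $iface.Destination, $iface.ConnectionState)
    Test-Connection -ComputerName $AzureVmPrivateIp -Count 2 -Quiet
}
# Test-AzureTunnel   # uncomment once step 9 is done in Azure
```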

12) Now add the Azure VM to the AD server’s forest, which is “abc.com”.

First open “cmd” and type “ipconfig”, then open Notepad and copy the IP address of the Azure VM, the subnet mask and the default gateway into it.

Now press “Windows + R”, type “ncpa.cpl”, right-click the NIC and select “Properties”, then select “TCP/IPv4” and click “Properties”.


Now click “Use the following IP address” and paste in the data stored in Notepad.


Now click “Use the following DNS server addresses” and, in “Preferred DNS server”, enter the IP address of the AD server, then click OK.

13) The Azure VM will restart itself as soon as you click OK; after 4 to 5 minutes the Azure VM starts again and is now in the domain “abc.com” and in the forest.