The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

Posts Tagged ‘Azure’

Demo Scripts from the TrueSec Azure Event are here

Posted by Mikael Nystrom on April 12, 2016

Here are all the scripts that we used to build and demo Azure at Rival, Stockholm on the 4th of March 2016.


For more info about the event:


Posted in Azure, Event, PowerShell

Beyond Supported – Azure Site-2-Site VPN (with physical router) behind a NAT device

Posted by Mikael Nystrom on February 2, 2015

Last week at TechXAzure I did 3 sessions, and during one of them we did some demos around Azure Site-2-Site VPN, which is the fundamental connection for creating a Hybrid solution. In production that is not really a complex task, since the firewall that is used is directly connected to the Internet with a static IP, but that is usually not the case when you play around at home or in the LAB. Running behind a NATed device is not supported, and neither is running the solution on a dynamically assigned IP, but it works…

So, the idea behind this guide is to give a fairly simple step-by-step guide to building a site-2-site VPN connection to the Azure IaaS service for you to play with at home or in a LAB. Just remember, there is NO support for this at all!

The design

Looking at the picture you can see that we basically have two networks, one for the normal traffic and one more that is behind a second router. From that second network we have access to Azure directly. For me this is perfect when playing around. The “normal” network acts as the workload network; that is where all normal traffic exists. The network behind the second router acts as the fabric network; this is where my Private Cloud is running. Note, this is just for LAB, testing, playing and such things. You should not use this for production since it is unsupported.


The Internet facing router is a Linksys EA6900

The Internal router between the normal network and internal Azure Site-2-Site router is a NETGEAR FVS318N


Create Networks in Azure

Log on to your Azure account and create the Local network

Select Local Network.

Give it a name and type in your Internet facing IP.

Type in the IP address range you are going to use behind the second router.

Log on to your Azure account and create the Virtual network

Select to create a Custom network

Give the network a name and assign it to an Azure location.

Type in the DNS servers you are going to have locally on your network and select Site-2-Site VPN. Note: If you also select Point-2-Site you cannot create a Virtual Router in Azure that supports IKEv1. The router I’m using only supports IKEv1, and therefore I cannot have Point-2-Site VPN.

Add the IP address range and gateway range for your virtual network in Azure.
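A pre-flight check for the address ranges entered in the steps above, as an added example that is not part of the original post. The function name and every range below are constructed for illustration; replace them with the ranges of your own fabric network, workload network and Azure virtual network.

```python
import ipaddress

def check_s2s_plan(local_ranges, vnet_range, gateway_subnet, transit_ranges=()):
    """Return a list of problems in a site-to-site VPN address plan (IPv4)."""
    problems = []
    vnet = ipaddress.ip_network(vnet_range)
    gateway = ipaddress.ip_network(gateway_subnet)
    local = [ipaddress.ip_network(r) for r in local_ranges]
    transit = [ipaddress.ip_network(r) for r in transit_ranges]

    # The gateway range has to be carved out of the virtual network itself.
    if not gateway.subnet_of(vnet):
        problems.append(f"gateway subnet {gateway} is outside virtual network {vnet}")

    # Traffic is sent into the tunnel by destination range, so the range behind
    # the second router must not overlap the Azure virtual network.
    for net in local:
        if net.overlaps(vnet):
            problems.append(f"local range {net} overlaps virtual network {vnet}")

    # The network between the two routers (the NAT hop) must differ from both
    # tunnel ends, otherwise the second router cannot tell them apart.
    for hop in transit:
        for other in local + [vnet]:
            if hop.overlaps(other):
                problems.append(f"transit range {hop} overlaps {other}")
    return problems

# Constructed sample plans (not the author's real addressing).
GOOD_PLAN = dict(
    local_ranges=["192.168.2.0/24"],    # fabric network behind the second router
    vnet_range="10.10.0.0/16",          # Azure virtual network
    gateway_subnet="10.10.255.0/29",    # gateway range inside the virtual network
    transit_ranges=["192.168.1.0/24"],  # workload network between the two routers
)
BAD_PLAN = dict(
    local_ranges=["10.10.1.0/24"],      # collides with the virtual network
    vnet_range="10.10.0.0/16",
    gateway_subnet="10.11.0.0/29",      # not inside the virtual network
    transit_ranges=["192.168.1.0/24"],
)

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_s2s_plan(**plan) or "no problems found")
```
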

Create the Router

When the network has been created you need to create the Virtual Router

In the Azure portal, click on the Virtual Network “FabricAzure”. You can create either a Static or a Dynamic router, and you need to select the version based on the router/firewall you have locally. In my case I use a NetGear FVS318N, and the features in that router require me to configure the virtual router as a static router.


This takes time, have lunch or something.

Finally it’s done.

Configure the Internet facing Router

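For the second router to correctly receive traffic from the Virtual Router in Azure, you need to redirect that traffic. The easy way to do this is to use the DMZ function in the Internet facing router. This way, all traffic from that IP will be redirected to the second router. Keep in mind that a DMZ host receives all unsolicited inbound traffic that reaches the Internet facing router, so the second router's own firewall is then what faces the Internet.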

Configure the second router on your network (not the Internet facing)


In this case it is a NETGEAR FVS318N, and the easy thing is to run the Wizard for VPN and then modify the settings. Before you do that, we need the PreShared Key, which you can get in the Azure Portal.

Modify the IKE Policy in the second router.

Modify the VPN Policy in the second router.


Wait, check logs, wait, check logs and…


/Happy Routing…

Posted in Azure, Fabric, IaaS, Site-2-Site, VPN

Time for a Community Session–Live @ LabCenter

Posted by Mikael Nystrom on November 3, 2011

  • Where = Stockholm, LabCenter
  • Date = Wednesday the 9 of November 2011
  • Time = 17:00
  • Subject = Cloud
  • Language = Swedish

During the evening I’ll talk about cloud, cloud services, what I have discovered so far, and what I think will happen. I’ll focus on the Microsoft based cloud stuff, since that is what I know. I’ll show you Windows Intune, Office 365, Azure, connectors, things that work, things that… well let’s say everything is not perfect. I’ll try to show as much as I can in demo form. I almost forgot one thing, I’ll also cover Private Clouds of course; that focus will be on System Center Virtual Machine Manager 2012 and Hyper-V.

If you think that spending an evening with me is a fun thing, just go to:
and sign up, the event is of course free

Hope to see you


Posted in Cloud