Configure Point-to-Site Connection in Azure VNet - Exam AZ-104: Microsoft Azure Administrator

Configure Point-to-Site Connection

Prev Question Next Question

Question

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.

You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F.

CE

C: A VPN gateway is used when creating a VPN connection to your on-premises network.

Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).

E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.

Incorrect Answers:

F: Point-to-Site connections do not require a VPN device or a public-facing IP address.

https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

To configure a point-to-site (P2S) connection from an on-premises computer to VNet1, we need to ensure that the VPN gateway is configured correctly. Since the VPN gateway is policy-based, we need to create a connection in the gateway to enable P2S VPN connectivity.

Therefore, the two actions we need to perform are:

D. Add a connection to GW1: To add a connection to GW1, follow these steps:

  1. In the Azure portal, go to the Virtual network gateway (GW1) page.
  2. In the Settings section, click Connections.
  3. Click Add.
  4. In the Name box, type a unique name for the connection.
  5. In the Connection type box, select Point-to-site.
  6. In the Virtual network box, select VNet1.
  7. In the Address space box, type the IP address range of the on-premises network.
  8. In the DNS server box, type the IP address of the DNS server used by the on-premises network.
  9. Click OK to create the connection.

C. Create a route-based virtual network gateway: If you need to create a P2S VPN connection, we need to create a route-based VPN gateway, which is the only supported gateway type for P2S VPN connections.

To create a route-based VPN gateway, follow these steps:

  1. In the Azure portal, go to the Virtual network gateway (GW1) page.
  2. In the Settings section, click Configuration.
  3. In the VPN type box, select Route-based.
  4. Click Save to apply the changes.

Note: We don't need to perform any of the other actions as they are not relevant to creating a P2S VPN connection.

A. Adding a service endpoint to VNet1 is not required to configure P2S VPN connectivity. B. Resetting GW1 won't help in configuring P2S VPN connectivity. E. Deleting GW1 would remove the VPN gateway, which is not what we want. F. Adding a public IP address space to VNet1 is not required for configuring P2S VPN connectivity.

Prev Question Next Question