Azure VPN as a VPN Server and a Proxy Server

I would like to ask if the Azure VPN can be used to both act as a VPN tunnel and a Proxy Server.
We have subscribed to Azure VPN, and it is located in Singapore to resolve latency issues in connecting to one of our clients in the US, which is hosting their VDI in the US. This has been resolved using the said solution. The tunnel configuration has been set up by our MSP.
Now, we are also using OpenVPN that acts as a proxy server to access another client's resources in the US. We are located in the Philippines and the client's network requires a US IP address for their security. We are planning to refrain from using OpenVPN and utilize our new Azure VPN. The question is, will it be possible to create another tunnel in Azure VPN and use it as a proxy?
I am just starting my studies in Azure cloud technologies and I am not in-depth with their solutions. Thank you so much!
Creating another tunnel in Azure VPN to be used as a Proxy Server.

Deploy a bastion host in one of the US regions and use that to hop over to the client's network.

Related

OpenVPN based Site-to-Site VPN between Azure on premise server is it secure?

We are trying to set up a site-to-site connection, but our firewall doesn't have IKEv2.
So we want to set up the VPN without the need of the firewall. It seems OpenVPN in Azure can do the job.
Although it uses certificates to authenticate, I'm not sure about the security and performance of bypassing the firewall.
I would love to know your input on how to set it up and whether this route is the best.
Thanks in advance
OpenVPN uses tunneling over SSL. So traffic over OpenVPN is encrypted and it is safe to use. As it is using SSL/TLS for key exchange, it is safe to bypass your firewall.

Best network design for company with remote offices that need to go through 1 public facing interface

I received a call from a business owner. One of his services will only license and whitelist one public IP. Well, he has three locations. When I got involved, they were trying to spin up an OpenVPN appliance and have site-to-site VPNs to the remote locations. Well, the remote locations have FortiGate firewalls, and I believe this will not work with the SSL VPN of OpenVPN.
I would like to recommend something with Azure or AWS, but I am unclear on the best VPN setup with Azure. Essentially, he will need all remote sites exiting to the internet through Azure.
Late last night I tried to test with an AWS VPC and a VPN back to the FortiGate. The client later expressed that he would rather not use AWS.
I also recommended this https://forum.fortinet.com/m/tm.aspx?m=148626&p=
but he did not want to bottleneck one of his locations.
All sites exiting Azure out of one IP address
If you have 3 sites in Azure, you can make all 3 sites exit Azure with one VPN gateway IP for the same destination.
You need to configure VNET to VNET peering and enable Gateway Transit to make it work. Can you also elaborate on your ask here with a network diagram?

Starting with AZURE VPN. IPSEC as method and Cisco 2611 router (4.x vpn client)

I'm starting with Azure's VPN network.
I'm a little bit confused about the site-to-site and point-to-point methods.
What I need to do is connect to a remote server that runs some SIP & H323 PBX server. The Cisco router is used as an FXO/FXS lines/phone gateway.
I mean this Cisco router is not used as a router, only as an H323 gateway; it is like a remote client connecting through a VPN and running a softphone.
So, is client-to-client the easy method, or is it site-to-site? (I don't have any other device or host on my router, so it is not a remote site, it is only one terminal.)
The thing with this router is the IOS version (12.2), which is a little bit older. It runs IPsec client 4.X. So will it work?
Testing first with IPsec on a PC is a good idea, I think.
Ideas & comments are welcome !!!
Best Regards!!
Frank
I am not familiar with the model (2611). In general though, if this box is really acting as an endpoint (client or server), you have two choices:
Connect from 2611 directly to the virtual machine (VIP) without using Azure VPN. Of course you will need to ensure the connection is secure.
Create an Azure VPN gateway and establish an S2S VPN tunnel between your network and the Azure virtual network hosting your VM. Azure uses standard IPsec/IKE VPN (for route-based VPN, you will need IKEv2; policy-based VPN uses IKEv1).
Either option should work. Point-to-site VPN will not work for you though. Point-to-site requires a Windows machine as a VPN client connecting to Azure.
Please let us know if you have any questions.
Thanks,
Yushun [MSFT]

Connecting to windows azure with a VPN

I am running a few machines and web services in Windows Azure that I would like to lock off from the rest of the world because of the confidential data that is on there. I have a few small things that make it harder to get at, but I would like to set up a VPN to lock it down. If I set up a VPN service on one of the VMs, would I then be able to latch onto the virtual network I have set up there? What is the process in setting this up?
If your cloud service is in a VNET you can create a VPN gateway and connect to it using either a Site-to-Site VPN or a Point-to-Site VPN. The former is IT focused, requiring VPN router configuration - the latter is developer focused, and requires minimal configuration. When using either form of VPN it is possible to take your cloud service completely off the internet for inbound traffic - outbound traffic can go out regardless of what endpoints you define for your VM.

How to access internal web services from windows azure with restriction IP and port

We have an existing application to be migrated to Windows Azure.
Currently, it accesses another web service in another network, and the firewall in front of the web service trusts its IP and opens the port only for that application.
Which IP should I trust after migrating to Windows Azure? Or is another approach suggested?
Thanks a lot.
Currently Windows Azure does not offer a fixed IP address, so any IP based filter would be subject to potential risk if the IP address should change (which it can without notice).
I would recommend you explore either leveraging the service bus to create a peer-to-peer connection between the services, or possibly Azure Connect (an IPsec-based VPN-style connection).
