堆栈内存溢出
  简体   繁体   English

有没有一种方法可以仅从特定的公共 IP 地址集允许点到站点 VPN 连接到 Azure VNet?

[英]Is there a method to allow Point-to-Site VPN connection to a Azure VNet only from specific set of public IP addresses?

 原文  2020-07-08 21:43:28       azure/ azure-virtual-network/ azure-vpn

问题描述

I have Azure VNET and a VPN Gateway setup.我有 Azure VNET 和 VPN 网关设置。 Point-to-Site VPN connection has been setup, so users can access VMs on the VNET.已建立点到站点 VPN 连接,因此用户可以访问 VNET 上的虚拟机。 Is there anyway I can allow VPN connection only if connection is coming from a known public facing IP address from corporate on-prem network?无论如何,只有当连接来自公司内部网络的已知面向公众的 IP 地址时,我才能允许 VPN 连接?

1 个解决方案

解决方案1
 2 已采纳  2020-07-09 09:07:53

Point-to-site VPN connection is between a single PC connected to your network and Azure VPN gateway over the internet.点到站点 VPN 连接是在连接到您的网络的单台 PC 和 Internet 上的 Azure VPN 网关之间。 The VPN client was assigned private IP address from the address pool. VPN 客户端从地址池中分配了私有 IP 地址。 This on-demand connection is initiated by the user and secured by using a certificate.这种按需连接由用户发起并使用证书进行保护。 The connection uses the SSTP protocol on port 443 to provide encrypted communication over the internet between the PC and the VNet.该连接使用端口 443 上的 SSTP 协议在 PC 和 VNet 之间通过 Internet 提供加密通信。

If you only allow some clients to set up VPN connection, you just need to install client certificate on some specific client machine and don't install client certificate on some clients that you don't want to connect to VPN gateway.如果您只允许某些客户端建立 VPN 连接,您只需要在某些特定的客户端机器上安装客户端证书,并且不要在某些您不想连接到 VPN 网关的客户端上安装客户端证书。 If you want to restrict the access from some clients to access your VMs on the VNET.如果您想限制某些客户端访问 VNET 上的虚拟机。 The clients should disconnect the VPN connection and restrict it's public IP address in the NSG associated with that Azure VM subnet or NIC.客户端应断开 VPN 连接并在与该 Azure VM 子网或 NIC 关联的 NSG 中限制其公共 IP 地址。

P2S connections are useful for remote employees or those that only want to establish connectivity when they need it and can disconnect from the Azure VNet when they are finished with their tasks. P2S 连接对于远程员工或只想在需要时建立连接并在完成任务后可以从 Azure VNet 断开连接的员工非常有用。

You could get more details from this wonderful blog .您可以从这个精彩的博客中获得更多详细信息。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Azure中为点对点VPN配置静态IP地址 - Configure Static IP Address for Point-to-site VPN in Azure 无法通过点到站点 VPN 连接连接到 azure SQL - Unable to connect to azure SQL through Point-to-Site VPN connection Azure点对站点VPN身份验证日志记录 - Azure Point-to-Site VPN auth logging Azure点对站点VPN路由 - Azure Point-to-site VPN routing Azure 点到站点 VPN 客户端:如何配置 Azure 私有 DNS 解析器 IP? - Azure Point-to-Site VPN Client: How to configure the Azure Private DNS Resolver IP? Azure Point-to-Site:是否可以从 Key Vault 中读取公共证书数据,而不是将其作为纯文本存储在 Point-to-Site Config 中 - Azure Point-to-Site: Is it possible to read the Public certificate data from Key Vault instead of storing it as plain text in the Point-to-Site Config 将Azure点对站点VPN配置为在ResourceGroup中创建的虚拟网络 - Configure Azure Point-To-Site VPN to Virtual Network created in a ResourceGroup Azure点对站点VPN资源管理器Powershell - Azure Point-to-Site VPN Resource Manager powershell 您使用什么IP地址通过点对站点VNET集成从Web App连接到VM? - What ip address do you use to connect to a VM from a Web App through point-to-site VNET Integration? 将流量从点到站点路由到vnet到vnet vpn网关 - Routing traffic from the point to site to vnet to vnet vpn gateway
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM