Friday, December 15, 2017

How to Maintain an Azure Site-to-Site (S2S) Connection with a Dynamic IP Address

This post should not be needed for your production environment. This is for those of us who test and build development environments at home and have created hybrid environments into Azure. IF you have a dynamic IP address for your business, please spend the extra bit of money for a static IP...
That being said, I have a dynamic IP address for my house, and when my IP address changes, it used to break my S2S connection with Azure. This post is about how I fixed the problem.
The fist step is to create the service account that is going to be logging in to Azure to check and update the IP Address.  I will be creating an unlicensed user on the .onmicrosoft domain to for this purpose.
As the Microsoft Online Data Service (MSOL) module did not come pre-installed, I ran the following to get started:


Next we are going to login and create the unlicensed service account. You will want to update the UPN and other variables accordingly:


Now that we have our service account created (an account that does not have access into our domain, O365, or Azure), it will need to be added to Access Control (IAM) for the Local Network Gateway in Azure.


With permissions set for Local Network Gateway, it is time to look at the current IP address of the gateway endpoint and compare it to the current local IP address endpoint. If the two IP addresses do not match, it is time to update your Local Network Gateway (in Azure).

Next we create some logging and logging clean-up:

And to finish off, we will connect all of our RRAS VpnS2SInterface connections.

Now let's put the whole thing together. First we create the service account and add their permissions:

Next we create the Update S2S file, and save the file to: 'C:\Scripts\Update S2S and RRAS.ps1'

Now that we are checking and updating our Local Network Gateway Connection IP address, we need to create a timer job that will check and update on a regular basis. Below is a script that will check every hour on the hour. Make sure that the Update S2S file path is set correctly.

Posted by at
Labels: , , , , ,

5 comments:

  1. prashanthMarch 14, 2019 at 8:05 AM

    great information.
    thanks for posting.
    keep sharing.

    ReplyDelete
  2. HEMAFebruary 26, 2020 at 4:53 AM

    Thanks for sharing the information..... keep sharing more articles
    We provide best Selenium training in Bangalore, automation testing with live projects. Cucumber, Java Selenium and Cucumber Training in Marathahalli
    Cucumber Training in Bangalore
    Java Selenium Automation Training in Bangalore
    Selenium Training in Marathahalli
    Manual testing training in bangalore
    Software Testing Training in Bangalore
    Selenium Software Training in Bangalore

    ReplyDelete
  3. Fiducia SolutionsMarch 15, 2021 at 10:07 AM

    Fiducia Solutions is an ISO 9001:2015 certified institute providing course certifications to all its students. We, at Fiducia Solutions, see to it that the candidate is certified and entitled to bag a good position in acclaimed companies. We provide certificates that are valued, and our alumni reputation proves that we are good at what we offer.

    And that is not all! We are known to provide 100% live project training and 100% written guaranteed placements to our students. That’s what makes us the best PHP/ HR/ Digital Marketing training institutes in Noida and Ghaziabad.

    PHP Training Institute in Noida
    HR Training Institute in Noida
    Digital Marketing Training Institute in Noida
    Android Training Institute in Noida

    ReplyDelete
  4. Sagar RajputDecember 20, 2022 at 5:14 AM

    Very nice blog!!
    app development course in amritsar

    ReplyDelete
  5. magistral DevinOctober 21, 2024 at 12:34 PM

    If you need a help for data recovery then ITFUC can help you. Their experts has 7+ years of experience. Take their laptop reparatur frankfurt service today and also enjoy the discount form the first day!

    ReplyDelete

Subscribe to: Post Comments (Atom)