1
00:00:02,040 --> 00:00:05,680
So configuring the Azure VPN Gateway for point‑to‑site to

2
00:00:05,680 --> 00:00:08,390
support a user‑based connection is similar,

3
00:00:08,390 --> 00:00:09,750
but just slightly different.

4
00:00:09,750 --> 00:00:13,550
So I've removed the configuration from the previous demonstration,

5
00:00:13,550 --> 00:00:16,540
and here I'm just going to walk through this once again.

6
00:00:16,540 --> 00:00:20,830
So I'll click Configure now, and you'll see it remembered my address pool.

7
00:00:20,830 --> 00:00:21,890
So I left that there.

8
00:00:21,890 --> 00:00:22,580
That's fine.

9
00:00:22,580 --> 00:00:26,130
And here we're going to select SSTP because we're going to

10
00:00:26,130 --> 00:00:28,830
use this as a user‑based connection.

11
00:00:28,830 --> 00:00:31,820
Once again, we're going to check our Authentication type,

12
00:00:31,820 --> 00:00:35,340
but this time we're going to uncheck Azure certificate,

13
00:00:35,340 --> 00:00:37,720
and then we'll select RADIUS authentication.

14
00:00:37,720 --> 00:00:42,740
And here we're going to put in our RADIUS server IP address.

15
00:00:42,740 --> 00:00:43,180
Again,

16
00:00:43,180 --> 00:00:46,250
we can't use a name here because the Azure VPN Gateway

17
00:00:46,250 --> 00:00:48,530
doesn't have access to our DNS infrastructure,

18
00:00:48,530 --> 00:00:54,840
so we must put an IP address here.

19
00:00:54,840 --> 00:00:57,780
And the important thing to note here is that this IP

20
00:00:57,780 --> 00:01:00,840
address does not have to be in Azure.

21
00:01:00,840 --> 00:01:04,190
It just needs to be reachable by the Azure VPN Gateway.

22
00:01:04,190 --> 00:01:05,570
Ideally,

23
00:01:05,570 --> 00:01:10,500
it will be in Azure or at least someplace located as close as

24
00:01:10,500 --> 00:01:14,650
possible to the Azure VPN Gateway to perform authentication

25
00:01:14,650 --> 00:01:17,120
promptly and effectively and efficiently,

26
00:01:17,120 --> 00:01:18,600
but at the end of the day,

27
00:01:18,600 --> 00:01:22,110
this NPS server really could reside anywhere as long as it was reachable.

28
00:01:22,110 --> 00:01:25,430
And, of course, you'll enter your your shared secret.

29
00:01:25,430 --> 00:01:30,220
And if you want to have a secondary server, you can do that.

30
00:01:30,220 --> 00:01:31,600
It does only support two.

31
00:01:31,600 --> 00:01:35,260
Not a bad idea to have a backup as well, so we'll enter one here.

32
00:01:35,260 --> 00:01:42,630
And once that's done, go ahead and click Save.

33
00:01:42,630 --> 00:01:46,210
And then once the gateway is finished saving,

34
00:01:46,210 --> 00:01:49,940
just like I did before, click Download VPN client,

35
00:01:49,940 --> 00:01:53,530
open the archive, navigate to the Generic folder,

36
00:01:53,530 --> 00:01:59,860
find that XML file, and grab your VPN Gateway name.

37
00:01:59,860 --> 00:02:03,340
It's the same gateway, so it's the same name that we use previously.

38
00:02:03,340 --> 00:02:07,240
But again, just like I did before with the device‑based connection,

39
00:02:07,240 --> 00:02:12,960
then you would supply that as your VPN Gateway name in the

40
00:02:12,960 --> 00:02:21,000
device configuration profile in Intune, or if you're using XML, you would place that in your XML.