![azure point to site vpn limitations](https://i.stack.imgur.com/DOxbY.png)
![azure point to site vpn limitations](https://i2.wp.com/directaccess.richardhicks.com/wp-content/uploads/2019/08/aovpn_azure_gateway_003.png)
# Azure point to site VPN limitations free
There are places in the registry on the NDES server where you will need to enter which cert template to use. Also make sure to have the RADIUS use a cert from the same PKI (technically you can use any cert from a root that is trusted by both RADIUS and all client devices). Setting up a virtual network is free of charge. You will need to allow the service account of the NDES to issue certs. You need cert templates that put the correct info in the SAN.
![azure point to site vpn limitations](https://d1.awsstatic.com/diagrams/Product-Page-Diagram_Aws-Client-VPN-Connect%402x.7e31b8a9dc7f38312794b311d37faf145adc0f96.png)
There is some complexity involved in getting everything set up correctly. So what we did was pair an MS PKI with MSCEP/NDES and Intune to get the certificates onto the devices. As the MSCEP/NDES server is often in a subnet, we used AAD App Proxy to publish it so our AAD / Intune devices can reach it from anywhere to query for certificates.