Hi,
I'm looking to implement the P2S VPN in my azure VNET and have a few questions.
I'm following the guidance provided here - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
For the Address Pool Range on the Gateway: do I have to reserve that IP pool range, and/or is it already reserved once I put it in? I.e., does it matter what I put here? I.e., if I'm using 10.0.30.0 for my VNET, can I put in the prescribed 172.16.201.1/24 range? The idea is that whatever I put into this range will not overlap, is that correct? So it doesn't really matter? I could do 10.0.40.0/24 instead, correct?
For the authentication being certificate-based, is there no user/password integration? We have a couple of hundred devices to roll this out to, so we'd be looking to push down the client certificate to their machines, and then they would run the VPN, authenticate via the password and be on the VPN? No user/pass prompts?
Is anyone using the P2S solution for large scale VPNs?
Am I looking at rolling out individual certs to each user, so that if they leave, I need to revoke their cert access individually? Right now people are remote, so they could still log in to their machine, kick off the VPN via an approved cert and then be blocked from getting onto VMs or services from there?
Thanks for your help in answering these questions.
Greg
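The address-pool question above comes down to one check: the Point-to-Site client pool must not overlap the VNet address space or any on-premises ranges the clients will reach, so a candidate range is fine only if it is disjoint from all of them. The following Python script is an added example written for this thread (not from the poster, and not Microsoft's code); it uses only the standard-library `ipaddress` module. It assumes the VNet prefix is `10.0.30.0/24` (the post gives `10.0.30.0` without a mask) and uses a constructed on-premises range `192.168.0.0/16` as a second reserved block; the function names `find_conflicts` and `validate_pool` are the example's own.

```python
"""Check a candidate Point-to-Site (P2S) address pool against the ranges it
must not overlap: the VNet address space and any on-premises networks.

Added example for this thread, not Microsoft's code. The VNet prefix
10.0.30.0/24 and the on-premises range below are constructed assumptions.
"""
from __future__ import annotations

import ipaddress
from typing import Iterable, List, Tuple

# Constructed reserved ranges: the VNet (assumed /24) plus an assumed
# on-premises network reachable through a site-to-site connection.
RESERVED_RANGES = ["10.0.30.0/24", "192.168.0.0/16"]


def parse_network(text: str):
    """Parse a CIDR string. strict=False accepts host-style notation such as
    172.16.201.1/24 (as written in the question) and normalizes it to the
    network address 172.16.201.0/24."""
    return ipaddress.ip_network(text.strip(), strict=False)


def find_conflicts(candidate: str, reserved: Iterable[str]) -> List[str]:
    """Return every reserved range that overlaps the candidate pool."""
    pool = parse_network(candidate)
    conflicts = []
    for entry in reserved:
        net = parse_network(entry)
        # overlaps() only makes sense within one address family
        if net.version == pool.version and net.overlaps(pool):
            conflicts.append(str(net))
    return conflicts


def validate_pool(candidate: str, reserved: Iterable[str]) -> Tuple[bool, List[str]]:
    """Return (ok, reasons). ok is True only when the candidate is a private
    range (a sanity check for a VPN client pool) and overlaps nothing."""
    pool = parse_network(candidate)
    reasons = []
    if not pool.is_private:
        reasons.append(f"{pool} is not a private (RFC 1918) range")
    for conflict in find_conflicts(candidate, reserved):
        reasons.append(f"{pool} overlaps reserved range {conflict}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # The two ranges from the question plus a deliberately overlapping one
    for cand in ["172.16.201.1/24", "10.0.40.0/24", "10.0.30.128/25"]:
        ok, reasons = validate_pool(cand, RESERVED_RANGES)
        status = "OK" if ok else "REJECT"
        print(f"{cand:>18} -> {status}" + ("" if ok else ": " + "; ".join(reasons)))
```

Run it as-is and both `172.16.201.1/24` and `10.0.40.0/24` pass against the assumed VNet, while `10.0.30.128/25` is rejected because it sits inside `10.0.30.0/24`. Extend `RESERVED_RANGES` with every peered VNet and on-premises prefix the clients will route to before deciding on a pool, since the gateway only reserves the range for client assignment; it does not check your on-premises side for you.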