Your company network includes two branch offices. Users at the company access internal virtual machines
(VMs).
You want to ensure secure communications between the branch offices and the internal VMs and
network.
You need to create a site-to-site VPN connection.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A.
a private IPv4 IP address and a compatible VPN device
B.
a private IPv4 IP address and a RRAS running on Windows Server 2012
C.
a public-facing IPv4 IP address and a compatible VPN device
D.
a public-facing IPv4 IP address and a RRAS running on Windows Server 2012
Explanation:
C (not A): VPN Device IP Address – This is public facing IPv4 address of your on-premises VPN device that
you’ll use to connect to Azure. The VPN device cannot be located behind a NAT.
D (Not B): At least one or preferably two publicly visible IP addresses: One of the IP addresses is used on
the Windows Server 2012 machine that acts as the VPN device by using RRAS. The other optional IP
address is to be used as the Default gateway for out-bound traffic from the on-premises network. If the
second IP address is not available, it is possible to configure network address translation (NAT) on the
RRAS machine itself, to be discussed in the following sections. It is important to note that the IP addresses
must be public. They cannot be behind NAT and/or a firewall.Configure a Site-to-Site VPN in the Management Portal
Site-to-Site VPN in Azure Virtual Network using Windows Server 2012 Routing and Remote Access Service
(RRAS)