This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 45%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Hi,
I have 3 environments, Dev, Prod and Stage. I would like to have separate P2S VPN configured for these environments as person who has access to one shouldn't have access to others. How to do this as I have configured for dev environments already by adding Azure VPN in Entra ID enterprise application and linking that to my VPN gateway in Dev. How to do the same for other environments but keep them separated?
To set up separate P2S VPN connections for your Dev, Prod, and Stage environments, you can create multiple IP address pools for Azure Virtual WAN. This will allow you to assign different groups of users different pools of IP addresses, and then define rules on the integrated Azure Firewall to restrict users or groups based on their assigned P2S IP address pool. By dividing your P2S users into different groups based on network access requirements, you can differentiate them at the network level and ensure that they can access only a subset of the internal network.
To configure Microsoft Entra authentication for your VPN gateway, you can follow the steps outlined in the "Configure P2S for access based on users and groups - Microsoft Entra authentication" section of the Azure Virtual WAN documentation. You will need to sign in to the Azure portal as a user that is assigned the Global administrator role, grant admin consent for your organization, and then authorize the Azure VPN application.
References:
AI Note: This answer is generated using the Microsoft Q&A AI Assist.
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Can you please elaborate your architecture?
I assume that you are having 3 different VPN Gateways? (for each Dev, Prod and Stage)
Please let me know in case you are having a single VPN Gateway for all the three environments.
Cheers,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Kapil
Reaching out to check if there are any questions on this.
Please let us know if we can be of any further assistance here.
Thanks,
Kapil
Please Accept an answer if correct.
Original posters help the community find answers faster by identifying the correct answer.
Hi,
You should use different certificate for each user for individual environment and share then share the VPN exe and the cert to the end users.
Only the legitimate users of the respective environment can access the resources.
Regards,
Karthik Srinivas