Create Azure VPN Gateway

This article guides you through the steps to create a VPN gateway in Azure using the Azure portal. Azure VPN Gateway allows you to send encrypted traffic between your on-premises networks and your Azure virtual networks through the public Internet.

Note: Before you begin, ensure you have an Azure subscription and have a virtual network already created.

Prerequisites

  • An Azure subscription.
  • A virtual network (VNet) configured in your Azure subscription. The VNet must have at least one subnet that is NOT the GatewaySubnet.
  • A dedicated subnet named GatewaySubnet for the VPN gateway. This subnet must be named exactly 'GatewaySubnet' and should not contain any other resources.

Steps to Create a VPN Gateway

Step 1: Navigate to the VPN Gateway Service

1. Sign in to the Azure portal.
2. In the search bar at the top, type "Virtual network gateways" and select it from the search results.

Step 2: Create a New VPN Gateway

1. On the "Virtual network gateways" page, click the + Create button.

Step 3: Configure Basic Settings

In the "Create a virtual network gateway" page, configure the following settings:

  • Subscription: Select your Azure subscription.
  • Resource group: Select an existing resource group or create a new one.
  • Name: Enter a unique name for your VPN gateway (e.g., `MyVpnGateway`).
  • Region: Select the same region as your virtual network.
  • Gateway type: Select VPN.
  • VPN type: Select the VPN type that matches your scenario. For most scenarios, Route-based is recommended.
  • SKU: Choose a SKU based on your performance and feature requirements. Higher SKUs offer better performance and more concurrent connections. Common options include VpnGw1, VpnGw2, etc.
  • Generation: Choose the generation for your gateway. Generation1 is the legacy option, while Generation2 offers improved performance.
  • Virtual network: Select the virtual network you want to connect to the VPN gateway. The portal will automatically detect the GatewaySubnet if it exists.

Tip: Ensure you have created a subnet named GatewaySubnet in your virtual network before proceeding.

Step 4: Configure Public IP Address

1. Under the Public IP address section, select Create new.
2. Provide a name for the public IP address (e.g., `MyVpnGateway-PublicIP`).
3. For Assignment, choose Static. This ensures the IP address doesn't change.

Step 5: Review and Create

1. Click the Review + create button to validate your configuration.
2. After the validation passes, review the settings and click Create.

Step 6: Deployment

Deploying the VPN gateway takes some time, typically 30 to 45 minutes. You can monitor the deployment progress in the Azure portal.

Important: The creation process is resource-intensive and may take a significant amount of time.
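
Because a failed deployment costs most of an hour, it helps to check the prerequisites and the Step 3 and Step 4 choices before clicking Create. The following pre-flight check is an added example, not part of the original article or of any Azure tooling; the VNet record is a constructed sample whose field names are assumed to follow the JSON printed by `az network vnet show`, and the plan record is a hypothetical structure for the values you intend to enter.

```python
import json

# Constructed sample; field names assumed to match `az network vnet show -o json`.
SAMPLE_VNET = json.loads("""
{"name": "MyVNet", "location": "westeurope", "subnets": [
  {"name": "default", "addressPrefix": "10.1.0.0/24", "ipConfigurations": [{"id": "nic1"}]},
  {"name": "GatewaySubnet", "addressPrefix": "10.1.255.0/27", "ipConfigurations": []}
]}
""")

# Hypothetical plan record: the values you intend to enter in Steps 3 and 4.
SAMPLE_PLAN = {"name": "MyVpnGateway", "region": "westeurope",
               "public_ip_assignment": "Static"}


def preflight(vnet, plan):
    """Return a list of problems; an empty list means the article's requirements are met."""
    problems = []
    subnets = vnet.get("subnets") or []
    names = [s.get("name", "") for s in subnets]
    gateway = next((s for s in subnets if s.get("name") == "GatewaySubnet"), None)

    if gateway is None:
        # Report look-alike names, since the subnet must be named exactly 'GatewaySubnet'.
        near = [n for n in names
                if n.replace("-", "").replace("_", "").lower() == "gatewaysubnet"]
        hint = f" (found near-miss {near[0]!r})" if near else ""
        problems.append("no subnet named exactly 'GatewaySubnet'" + hint)
    elif gateway.get("ipConfigurations"):
        # The dedicated subnet should not contain any other resources.
        problems.append("GatewaySubnet already contains other resources")

    if not any(n != "GatewaySubnet" for n in names):
        problems.append("VNet needs at least one subnet besides GatewaySubnet")

    if (plan.get("region") or "").lower() != (vnet.get("location") or "").lower():
        problems.append(f"gateway region {plan.get('region')!r} differs from "
                        f"VNet region {vnet.get('location')!r}")

    if plan.get("public_ip_assignment") != "Static":
        problems.append("public IP assignment should be Static so the address does not change")
    return problems


if __name__ == "__main__":
    for issue in preflight(SAMPLE_VNET, SAMPLE_PLAN) or ["all checks passed"]:
        print(issue)
```
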

Next Steps

Once your VPN gateway is deployed, you can proceed to: