Azure VPN Gateway provides a highly available and scalable way to connect your on-premises networks to your Azure virtual networks. Understanding the limits of VPN Gateway is crucial for designing and managing your network architecture effectively. This document outlines the various limits associated with Azure VPN Gateway.
General Limits
These limits apply to most VPN Gateway configurations.
| Resource | Limit | Notes |
|---|---|---|
| Virtual network gateways per subscription per region | 10 | This limit can be increased upon request. |
| Public IP addresses per gateway | 1 | For Basic SKU, or 2 for Standard/HighPerformance/VpnGw1/VpnGw2/VpnGw3/VpnGw4/VpnGw5 SKUs. |
| Connections per gateway | Varies by SKU (see specific SKU details) | |
| Azure VPN Client connections | Varies by SKU (see specific SKU details) | For point-to-site configurations. |
SKU-Specific Limits
The following table details limits for different VPN Gateway SKUs.
| SKU | Max Tunnels (IPsec/IKE) | Max Throughput (Gbps) | Max P2S Connections | Connections |
|---|---|---|---|---|
| Basic | 10 | ~60 Mbps | 125 | 10 |
| VpnGw1 | 30 | 1.25 Gbps | 125 | 30 |
| VpnGw2 | 30 | 2.5 Gbps | 125 | 30 |
| VpnGw3 | 100 | 5 Gbps | 500 | 100 |
| VpnGw4 | 100 | 10 Gbps | 500 | 100 |
| VpnGw5 | 100 | 15 Gbps | 500 | 100 |
| VpnGw1AZ | 30 | 1.25 Gbps | 125 | 30 |
| VpnGw2AZ | 30 | 2.5 Gbps | 125 | 30 |
| VpnGw3AZ | 100 | 5 Gbps | 500 | 100 |
| VpnGw4AZ | 100 | 10 Gbps | 500 | 100 |
| VpnGw5AZ | 100 | 15 Gbps | 500 | 100 |
| ErGw1AZ | 100 | 5 Gbps | 500 | 100 |
| ErGw2AZ | 100 | 10 Gbps | 500 | 100 |
| ErGw3AZ | 100 | 15 Gbps | 500 | 100 |
Note: Throughput is measured by Azure for the VPN gateway SKU. Actual throughput will vary based on network conditions and the workloads you run.
AZ SKUs provide availability zone redundancy.
For Enterprise-grade (ErGw) SKUs, refer to specific documentation for enhanced features.
Connection Limits
Limits related to the number and types of connections you can establish.
| Connection Type | Limit | Notes |
|---|---|---|
| Site-to-Site (S2S) VPN tunnels per gateway | See SKU table | Maximum number of IPsec tunnels. |
| Point-to-Site (P2S) VPN connections per gateway | See SKU table | Maximum concurrent client connections. |
| VNet-to-VNet connections | 1000 | Across all gateways in a region. |
| Active-Active configuration tunnels | Up to 100 | Requires two public IP addresses. |
Other Considerations
- Bandwidth: While the SKU dictates theoretical throughput, actual performance is influenced by latency, packet loss, and the efficiency of encryption.
- Zone Redundancy: VPN Gateway SKUs ending in "AZ" provide redundancy across availability zones.
- Custom IPsec/IKE policies: These can affect compatibility and performance. Ensure correct configuration.
- Service Limits: Always refer to the official Azure documentation for the most up-to-date information, as limits can change.