Azure VPN Gateway is a managed, highly available service for encrypted network connectivity. It carries traffic over the public Internet inside IPsec/IKE tunnels, either between your on-premises network and your Azure virtual networks (VNets) or between Azure VNets themselves.
Key Features and Benefits
Common Use Cases
- Connecting on-premises datacenters to Azure VNets.
- Connecting Azure VNets to each other.
- Remote user connectivity to Azure resources.
- Establishing secure site-to-site connections for distributed organizations.
Types of VPN Connections
Site-to-Site VPN
This is the most common type, used to connect your on-premises network (such as a datacenter or branch office) to an Azure VNet over an IPsec/IKE (IKEv1 or IKEv2) tunnel. It requires a VPN device at your on-premises location with a public IP address, and both ends authenticate with a pre-shared key (or certificates) that you configure on the connection.
VNet-to-VNet VPN
This connection is used to securely connect two or more Azure VNets together. This is useful for applications that span across multiple VNets.
Point-to-Site VPN
Allows individual users to connect to an Azure VNet from a device (for example, a laptop) using a VPN client over OpenVPN, SSTP, or IKEv2. Clients authenticate with certificates, Microsoft Entra ID, or RADIUS. This is the usual choice for remote employees or administrators who need access to Azure resources without a site-to-site tunnel.
Architecture and Components
An Azure VPN Gateway consists of a virtual network gateway resource. This gateway is deployed in a dedicated subnet called GatewaySubnet within your Azure VNet. Azure runs the gateway as two instances for redundancy: active-standby by default, or active-active if you enable it, in which case both instances terminate tunnels at the same time.
Key components include:
- Virtual Network Gateway: The gateway resource deployed in Azure, with a public IP address that the remote side connects to.
- GatewaySubnet: A dedicated subnet in your VNet where the gateway is deployed. It must be named exactly GatewaySubnet, should be /27 or larger, and should contain nothing but the gateway; network security groups are not supported on it.
- Connection Resource: A resource that defines the configuration and parameters for the tunnel between two endpoints, including the authentication key and, optionally, a pinned IPsec/IKE policy.
- Local Network Gateway: Represents the on-premises side of a Site-to-Site connection: the public IP address of your VPN device and the address prefixes reachable behind it. A VNet-to-VNet connection does not need one; it links two virtual network gateways directly.
Getting Started
To set up an Azure VPN Gateway, you'll typically need to:
- Create a Virtual Network in Azure.
- Create a dedicated GatewaySubnet within your VNet.
- Create a Virtual Network Gateway resource.
- Configure your on-premises VPN device (for Site-to-Site) or set up a Point-to-Site configuration.
- Create a Connection resource to link your gateway to the other endpoint.
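The steps above, carried through as one Site-to-Site deployment in Bicep. This is an added example, not code from the original page or from Microsoft: the resource names, the address ranges, the on-premises device address 203.0.113.10 (an RFC 5737 documentation address), the SKU choice and the API version are assumptions for illustration, and the pre-shared key is taken as a secure parameter rather than written into the template.

```bicep
// Added example (not from the original page): Site-to-Site VPN in Bicep.
// Names, prefixes, the on-premises IP and the SKU are assumptions.
param location string = resourceGroup().location
param vnetName string = 'hub-vnet'
param onPremPublicIp string = '203.0.113.10'     // assumed on-premises VPN device address
param onPremPrefixes array = ['192.168.0.0/16'] // assumed on-premises address space

@secure()
param sharedKey string // pre-shared key; pass it from Key Vault, never hard-code it

// 1. VNet with a dedicated GatewaySubnet. The name must be exactly "GatewaySubnet";
//    /27 or larger leaves room for the gateway instances and future resizing.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: ['10.1.0.0/16'] }
    subnets: [
      { name: 'workload', properties: { addressPrefix: '10.1.1.0/24' } }
      { name: 'GatewaySubnet', properties: { addressPrefix: '10.1.255.0/27' } }
    ]
  }
}

// 2. Public IP the on-premises device will dial (Standard SKU, static).
resource gwPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: '${vnetName}-vpngw-pip'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

// 3. The virtual network gateway (route-based; Azure runs it as two instances).
resource vpnGw 'Microsoft.Network/virtualNetworkGateways@2023-05-01' = {
  name: '${vnetName}-vpngw'
  location: location
  properties: {
    gatewayType: 'Vpn'
    vpnType: 'RouteBased'
    vpnGatewayGeneration: 'Generation2'
    sku: { name: 'VpnGw2', tier: 'VpnGw2' }
    ipConfigurations: [
      {
        name: 'default'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'GatewaySubnet') }
          publicIPAddress: { id: gwPip.id }
        }
      }
    ]
  }
}

// 4. Local network gateway: the on-premises side (device public IP plus the
//    prefixes reachable behind it). Azure routes only these prefixes into the tunnel.
resource onPrem 'Microsoft.Network/localNetworkGateways@2023-05-01' = {
  name: 'onprem-lng'
  location: location
  properties: {
    gatewayIpAddress: onPremPublicIp
    localNetworkAddressSpace: { addressPrefixes: onPremPrefixes }
  }
}

// 5. The connection. Pinning an IPsec/IKE policy stops the tunnel from being
//    negotiated down to the weakest proposal the on-premises device offers.
resource s2s 'Microsoft.Network/connections@2023-05-01' = {
  name: 'onprem-to-${vnetName}'
  location: location
  properties: {
    connectionType: 'IPsec'
    connectionProtocol: 'IKEv2'
    virtualNetworkGateway1: { id: vpnGw.id, properties: {} }
    localNetworkGateway2: { id: onPrem.id, properties: {} }
    sharedKey: sharedKey
    ipsecPolicies: [
      {
        ikeEncryption: 'AES256'
        ikeIntegrity: 'SHA256'
        dhGroup: 'DHGroup14'
        ipsecEncryption: 'GCMAES256'
        ipsecIntegrity: 'GCMAES256'
        pfsGroup: 'PFS2048'
        saLifeTimeSeconds: 27000
        saDataSizeKilobytes: 102400000
      }
    ]
  }
}

// Hand this address to whoever configures the on-premises device.
output gatewayPublicIp string = gwPip.properties.ipAddress
```

Deploy it into a resource group with `az deployment group create`, supplying `sharedKey` as a secure parameter; gateway creation takes roughly 30 to 45 minutes. Once the on-premises device is configured with the same key and policy, `az network vpn-connection show` reports `connectionStatus` as `Connected`. Two points worth checking before going live: the `GatewaySubnet` prefix must not overlap any on-premises prefix listed in the local network gateway, and the on-premises device must actually support the pinned algorithms, or IKE negotiation will fail rather than fall back.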