About Virtual Network Gateways
A virtual network gateway is a logical construct that is used to create a VPN connection or ExpressRoute connection between an Azure virtual network and on-premises networks. It also enables connections between Azure virtual networks.
What is a Virtual Network Gateway?
A virtual network gateway is a resource that you deploy in your virtual network to connect it to other networks. There are two main types of virtual network gateways in Azure:
- VPN Gateway: Allows you to send encrypted traffic between your Azure virtual network and your on-premises location, or between your Azure virtual networks.
- ExpressRoute Gateway: Allows you to create an ExpressRoute circuit, which connects your on-premises networks to Azure through a private connection.
Key Capabilities and Features
- Hybrid Connectivity: Seamlessly connect your on-premises infrastructure to Azure virtual networks.
- Site-to-Site VPN: Establish secure, encrypted connections over the public internet between your on-premises VPN devices and Azure VPN Gateways.
- Point-to-Site VPN: Connect individual client devices to your Azure virtual network.
- Network-to-Network VPN: Connect multiple Azure virtual networks securely.
- ExpressRoute: Leverage private, high-bandwidth, low-latency connections to Azure for mission-critical applications.
- High Availability: VPN Gateways are deployed in active-standby or active-active configurations to ensure continuous connectivity.
- Scalability: Choose from various gateway SKUs to meet your performance and throughput requirements.
Use Cases
- Hybrid Cloud Scenarios: Extend your on-premises datacenter to Azure, allowing workloads to communicate securely.
- Disaster Recovery: Replicate your on-premises data and applications to Azure for business continuity.
- Application Integration: Connect distributed applications residing in different networks.
- Secure Data Transfer: Transmit sensitive data between your networks and Azure with robust encryption.
The gateway is deployed into a dedicated subnet named GatewaySubnet. This subnet must have at least a /27 address space.
Gateway Types and SKUs
Azure offers different gateway SKUs (Stock Keeping Units) that determine the performance, throughput, and features of your virtual network gateway. Selecting the appropriate SKU depends on your workload requirements and budget.
Common SKUs include:
- Basic
- VpnGw1, VpnGw2, VpnGw3, VpnGw4, VpnGw5
- VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, VpnGw4AZ, VpnGw5AZ (for Zone Redundancy)
- ErGw1AZ, ErGw2AZ, ErGw3AZ (for ExpressRoute Gateways)
Consult the Azure VPN Gateway pricing page for detailed SKU specifications and costs.
Deployment Considerations
When deploying a virtual network gateway, keep the following in mind:
- The gateway deployment process can take a significant amount of time (typically 30-45 minutes or more).
- Ensure your virtual network has enough IP address space for the GatewaySubnet and other resources.
- Configure appropriate Network Security Groups (NSGs) and User Defined Routes (UDRs) to control traffic flow.
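The two subnet requirements stated above (a subnet named GatewaySubnet of at least /27, and a VNet with room for it beside the existing subnets) are the sort of thing worth checking before starting a 30-45 minute gateway deployment. The following pre-deployment check is an added example written for this page, not Azure tooling or the page's own code; the VNet prefix and subnet names are constructed sample values, and it uses only the Python standard library.

```python
"""Pre-deployment checks for an Azure GatewaySubnet (added example; not Azure's own tooling).

Encodes the requirements stated on the page: the gateway lives in a dedicated subnet
named GatewaySubnet with at least a /27, and the VNet must have room for that block
next to its existing subnets. All addresses below are constructed sample values.
"""
import ipaddress
from typing import Iterable, List, Optional

GATEWAY_SUBNET_NAME = "GatewaySubnet"   # Azure requires this exact subnet name
MIN_GATEWAY_PREFIX_LEN = 27             # at least a /27 (a smaller prefix length is a larger subnet)


def validate_gateway_subnet(name: str, prefix: str, vnet_prefixes: Iterable[str],
                            existing_subnets: Iterable[str]) -> List[str]:
    """Return human-readable problems; an empty list means the definition is acceptable."""
    problems: List[str] = []
    if name != GATEWAY_SUBNET_NAME:
        problems.append(f"subnet must be named {GATEWAY_SUBNET_NAME!r}, got {name!r}")
    try:
        # strict=True rejects prefixes with host bits set, e.g. 10.10.2.1/27
        subnet = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError as exc:
        problems.append(f"invalid prefix {prefix!r}: {exc}")
        return problems
    if subnet.prefixlen > MIN_GATEWAY_PREFIX_LEN:
        problems.append(f"{prefix} is too small: need /{MIN_GATEWAY_PREFIX_LEN} or larger")
    vnets = [ipaddress.IPv4Network(p) for p in vnet_prefixes]
    if not any(subnet.subnet_of(v) for v in vnets):
        problems.append(f"{prefix} is not inside the VNet address space {[str(v) for v in vnets]}")
    for other in existing_subnets:
        if subnet.overlaps(ipaddress.IPv4Network(other)):
            problems.append(f"{prefix} overlaps existing subnet {other}")
    return problems


def find_free_gateway_subnet(vnet_prefixes: Iterable[str], existing_subnets: Iterable[str],
                             prefix_len: int = MIN_GATEWAY_PREFIX_LEN) -> Optional[str]:
    """First /prefix_len block inside the VNet that overlaps no existing subnet, or None."""
    taken = [ipaddress.IPv4Network(s) for s in existing_subnets]
    for vnet in (ipaddress.IPv4Network(p) for p in vnet_prefixes):
        if prefix_len < vnet.prefixlen:
            continue  # this VNet prefix is smaller than the block we need
        for candidate in vnet.subnets(new_prefix=prefix_len):
            if not any(candidate.overlaps(t) for t in taken):
                return str(candidate)
    return None


# Constructed sample VNet layout (hypothetical, not from the page).
SAMPLE_VNET = ["10.10.0.0/16"]
SAMPLE_SUBNETS = ["10.10.0.0/24", "10.10.1.0/24"]   # e.g. an app tier and a data tier

if __name__ == "__main__":
    choice = find_free_gateway_subnet(SAMPLE_VNET, SAMPLE_SUBNETS)
    print("proposed GatewaySubnet:", choice)
    print("problems:", validate_gateway_subnet(GATEWAY_SUBNET_NAME, choice, SAMPLE_VNET, SAMPLE_SUBNETS))
    # A /28 with the wrong name fails on both counts
    print("problems:", validate_gateway_subnet("gateway", "10.10.2.0/28", SAMPLE_VNET, SAMPLE_SUBNETS))
```

Run against the sample layout, the planner proposes 10.10.2.0/27 (the first /27 after the two existing /24s), which then validates cleanly, while a /28 named anything other than GatewaySubnet is rejected before any deployment time is spent. Feed in your real VNet address space and subnet list from the portal or CLI to use it on an actual network.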