VPN Gateway for Azure Virtual WAN

Azure Virtual WAN provides a global networking solution that brings together networking, security, and routing functionalities into a single operational interface. The VPN gateway is a critical component within the Virtual WAN hub, enabling secure connectivity between your on-premises networks and Azure resources.

What is a Virtual WAN VPN Gateway?

A Virtual WAN VPN gateway is a managed service that allows you to establish site-to-site VPN connections between your on-premises VPN devices and your Azure Virtual WAN hub. It is deployed within a Virtual WAN hub and offers high availability, scalability, and global reach.

Key Features and Benefits:

Global Connectivity: Connect multiple on-premises sites to your Azure Virtual WAN hub, enabling a unified global network.
Scalability: Supports multiple VPN connections and provides varying levels of throughput based on your needs.
High Availability: Built-in redundancy ensures continuous connectivity.
Simplified Management: Centralized management through the Azure portal for all your VPN connections.
Integration with Virtual WAN: Seamless integration with other Virtual WAN features like virtual hub routing, security services, and ExpressRoute.

Supported VPN Protocols

The Virtual WAN VPN gateway supports the following industry-standard VPN protocols:

IKEv2/IPsec: The most common protocol for establishing secure VPN tunnels.
OpenVPN: An open-source VPN protocol supported for point-to-site connections.

Deployment and Configuration

Deploying a VPN gateway is done within a Virtual WAN hub. The process typically involves:

Creating a Virtual WAN resource.
Creating a Virtual Hub within the Virtual WAN.
Deploying a VPN Gateway to the Virtual Hub.
Configuring site-to-site VPN connections by specifying your on-premises device's public IP address, pre-shared key, and other parameters.

Tip: Ensure your on-premises VPN devices are compatible with Azure VPN Gateway and that you have the correct public IP address and pre-shared key for your devices.

VPN Gateway SKUs and Capacity

Virtual WAN VPN gateways come in various SKUs, each offering different performance levels and features. The choice of SKU depends on your required throughput and the number of connections you need to support.

Common SKUs include:

Basic: Suitable for smaller deployments with lower bandwidth requirements.
Standard: Offers higher throughput and more concurrent connections.
High Performance: For demanding workloads requiring maximum throughput.

For detailed information on SKUs and their specifications, refer to VPN Gateway Bandwidth documentation.

Key Concepts

Virtual WAN Hub: The central point of connectivity within Azure.
VPN Site: Represents your on-premises network, including its IP address ranges and VPN device information.
Connection: The logical link between a VPN site and a Virtual WAN VPN Gateway.
Pre-Shared Key (PSK): A secret key used for authentication between VPN devices.
BGP (Border Gateway Protocol): Used for dynamic route exchange between your on-premises network and the Azure VPN gateway.

Next Steps

Learn how to create a site-to-site VPN connection.
Explore VPN gateway troubleshooting.
Understand ExpressRoute integration with Virtual WAN.

                # Example Azure CLI command to list VPN Gateways in a Virtual Hub
                
                az network vpn-gateway list --resource-group MyResourceGroup --virtual-hub MyVirtualHub

Note: For specific configuration details and command-line examples, please consult the relevant sections of the Azure documentation.