Azure VPN Gateway Documentation
Azure VPN Gateway is a service that you can use to send encrypted traffic between your on-premises networks and your Azure Virtual Network (VNet) through the public Internet. You can also use VPN Gateway to send encrypted traffic between different Azure VNets.
What is Azure VPN Gateway?
Azure VPN Gateway is a managed service that provides:
- Site-to-Site VPN: Connects your on-premises network to an Azure VNet.
- Point-to-Site VPN: Connects individual client devices to an Azure VNet.
- VNet-to-VNet VPN: Connects different Azure VNets together.
VPN Gateway uses IPsec/IKE (IKEv1 or IKEv2) protocols to provide secure tunnels. It is a highly available and scalable solution for extending your network to Azure.
Key Features and Benefits
- Secure Connectivity: Encrypts traffic over the public internet.
- Hybrid Cloud Solutions: Enables seamless integration of on-premises and cloud resources.
- Scalability: Supports various gateway SKUs to match your throughput needs.
- High Availability: Provides redundant connections for business continuity.
- Global Reach: Connect to your Azure resources from anywhere.
Common Use Cases
- Connecting to On-Premises Resources: Securely access applications and data hosted in your data center from Azure VMs.
- Disaster Recovery: Establish a resilient connection for failover scenarios.
- Cross-Premises Development and Testing: Develop and test applications that integrate with on-premises systems.
- Connecting Multiple VNets: Create complex network topologies by linking VNets across different regions.
Getting Started
To get started with Azure VPN Gateway, you'll typically follow these steps:
- Create a Virtual Network (VNet): If you don't already have one, create an Azure VNet.
- Create a Gateway Subnet: A dedicated subnet named `GatewaySubnet` is required for the VPN gateway.
- Create a Virtual Network Gateway: Provision the VPN gateway and select the appropriate SKU.
- Configure Connections: Set up the specific type of VPN connection (Site-to-Site, Point-to-Site, or VNet-to-VNet).
Example: Creating a Site-to-Site VPN Connection
A Site-to-Site VPN connection requires a VPN device on your on-premises network that is compatible with Azure VPN Gateway. You'll need to obtain the configuration details from Azure to set up your on-premises device.
Tip
Check that your on-premises VPN device is on the Azure VPN device compatibility list before you begin.
For a Site-to-Site VPN, you will need to configure:
- Shared Key: A pre-shared key (PSK) for authentication.
- IPsec/IKE Policy: Specify encryption, integrity, and Diffie-Hellman group algorithms.
# Example Azure CLI command to create a VNet gateway (simplified)
az network vnet-gateway create \
--name MyVpnGateway \
--resource-group MyResourceGroup \
--location eastus \
--public-ip-address MyVpnGatewayPip \
--gateway-type Vpn \
--vpn-type RouteBased \
--sku VpnGw1 \
--vnet MyVnet
Troubleshooting
Common issues include:
- Incorrect IPsec/IKE parameters.
- Firewall rules blocking VPN traffic.
- Routing conflicts.
- Incorrect shared key.
Note
Always verify that the IPsec/IKE settings on both your on-premises device and Azure VPN Gateway match precisely. Differences will prevent the tunnel from establishing.
Refer to the Azure VPN Gateway troubleshooting guide for detailed steps.
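The IPsec/IKE policy fields listed under the Site-to-Site configuration above must agree on both ends, as the note says. The following script is an added example, not part of the Azure documentation: it compares a constructed sample of the policy Azure reports for a connection with the values read from the on-premises device and lists every field that differs. The field names and sample values are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the Azure documentation: check that the IPsec/IKE
# policy applied to an Azure Site-to-Site connection matches the parameters
# configured on the on-premises device, and list every field that differs.
set -eu

# Fields that must agree on both ends. Azure reports the applied policy via
#   az network vpn-connection ipsec-policy list -g <rg> --connection-name <conn>
FIELDS="ike_encryption ike_integrity dh_group ipsec_encryption ipsec_integrity pfs_group sa_lifetime_seconds"

# Constructed sample of the policy reported by Azure (key=value per line).
AZURE_POLICY="ike_encryption=AES256
ike_integrity=SHA384
dh_group=DHGroup24
ipsec_encryption=GCMAES256
ipsec_integrity=GCMAES256
pfs_group=PFS24
sa_lifetime_seconds=27000"

# Constructed sample read from the on-premises device; IKE integrity and PFS differ.
ONPREM_POLICY="ike_encryption=AES256
ike_integrity=SHA256
dh_group=DHGroup24
ipsec_encryption=GCMAES256
ipsec_integrity=GCMAES256
pfs_group=PFS2
sa_lifetime_seconds=27000"

# get_field POLICY FIELD: print the field's value, or <missing> if absent.
get_field() {
  printf '%s\n' "$1" | awk -F= -v k="$2" '$1 == k { v = $2 } END { print (v == "" ? "<missing>" : v) }'
}

# count_mismatches AZURE_POLICY ONPREM_POLICY: print one MISMATCH line per
# differing field to stderr and the number of mismatches to stdout.
count_mismatches() {
  local n=0 f a b
  for f in $FIELDS; do
    a=$(get_field "$1" "$f")
    b=$(get_field "$2" "$f")
    if [ "$a" != "$b" ]; then
      printf 'MISMATCH %-20s azure=%-10s onprem=%s\n' "$f" "$a" "$b" >&2
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# Example run: reports the two differing fields and prints 2.
count_mismatches "$AZURE_POLICY" "$ONPREM_POLICY"
```

A non-zero count means the tunnel will not establish until the on-premises device is changed to match, or the Azure connection is given a matching custom policy.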
Pricing
Azure VPN Gateway pricing is based on the gateway SKU selected and the hours it is provisioned. Data transfer costs also apply. For more information, visit the Azure VPN Gateway pricing page.