Create an Azure VPN Gateway

This guide walks you through the steps to create a VPN gateway in Azure using the Azure portal, Azure CLI, and Azure PowerShell.

Prerequisites

• Azure subscription with Owner or Contributor role.
• Resource group where the VPN gateway will be deployed.
• Virtual network (VNet) with a dedicated subnet named GatewaySubnet.
• Public IP address resource (optional – Azure can create one automatically).

Step 1 – Create a Resource Group (CLI)

az group create \
  --name MyResourceGroup \
  --location eastus

Step 2 – Create a Virtual Network and Gateway Subnet

az network vnet create \
  --resource-group MyResourceGroup \
  --name MyVNet \
  --address-prefix 10.0.0.0/16 \
  --subnet-name GatewaySubnet \
  --subnet-prefix 10.0.255.0/27

Step 3 – Create a Public IP Address (optional)

az network public-ip create \
  --resource-group MyResourceGroup \
  --name MyVpnGatewayPIP \
  --allocation-method Dynamic \
  --sku Standard

Step 4 – Create the VPN Gateway

az network vnet-gateway create \
  --resource-group MyResourceGroup \
  --name MyVpnGateway \
  --public-ip-address MyVpnGatewayPIP \
  --vnet MyVNet \
  --gateway-type Vpn \
  --vpn-type RouteBased \
  --sku VpnGw1 \
  --no-wait

Step 5 – Verify Deployment

az network vnet-gateway show \
  --resource-group MyResourceGroup \
  --name MyVpnGateway \
  --query "provisioningState"

PowerShell Equivalent

# Create resource group
New-AzResourceGroup -Name MyResourceGroup -Location eastus

# Create VNet with GatewaySubnet
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -AddressPrefix 10.0.255.0/27
$vnet = New-AzVirtualNetwork -ResourceGroupName MyResourceGroup -Location eastus `
          -Name MyVNet -AddressPrefix 10.0.0.0/16 -Subnet $subnetConfig

# Create public IP
$pip = New-AzPublicIpAddress -Name MyVpnGatewayPIP -ResourceGroupName MyResourceGroup `
        -Location eastus -AllocationMethod Dynamic -Sku Standard

# Create VPN gateway
$gateway = New-AzVirtualNetworkGateway -Name MyVpnGateway -ResourceGroupName MyResourceGroup `
          -Location eastus -IpConfigurations @(@{Name="gwIpConfig";SubnetId=$vnet.Subnets[0].Id;PublicIpAddressId=$pip.Id}) `
          -GatewayType Vpn -VpnType RouteBased -Sku VpnGw1 -GatewayDefaultSite $null

Next Steps

• Configure VPN Connections
• VPN Gateway API Reference
• Troubleshoot VPN Gateway Issues