Upgrade Your Career with Exciting Offers on our Career-defining Courses Upto 50% OFF | Offer ending in:
D H M S Grab Now

Azure VPN Gateway

VPN Gateway is a Networking Service provided by Azure. Networking services allow the customers to connect their on-premises and cloud resources and assist in protecting and managing the networking for those services. They also lend a hand to the customers in delivering their applications.

Azure VPN Gateways

Azure Virtual Network

The representation of the physical network infrastructure by two Virtual Machines placed in Azure is referred to as Azure Virtual Network. Virtual Network’s job is to enable the customers to create, manage, monitor, and secure connectivity among the Azure resources along with their on-premise environment. They can be decapsulated into smaller segments called Subnets. The two primary purposes for subnets are:

  1. Enable customers to manage their IP address allocation more constructively.
  2. Group similar kinds of resources together in order to apply filters and security rules across multiple resources within the same subnet.


You can choose how to manage Subnets and Virtual Networks and the way to represent your Networking Infrastructure. You can group multiple resources within the same subnet. Virtual Networks can only reside and spawn resources in a specific region. It would help if you had numerous virtual networks to make your multi-region application work. There two are ways to connect multiple virtual networks:

  1. VNet Peering: It combines multiple virtual networks and makes them act as a single virtual network.
  2. VPN Gateway: It provides cross-communication between on-premise virtual networks.

Azure VPN Gateway

A VPN Gateway is a particular sort of virtual network gateway that is practiced to send encoded traffic between an Azure virtual network and an on-premise area over the public web. These gateways basically provide cross-premises connectivity between customer premises and Azure. Likewise, you can utilize a VPN gateway to send the encrypted traffic between the Azure virtual networks over the Microsoft network. VPN gateways can also be used to connect two virtual networks to each other. A single virtual network can have only a single VPN gateway. You can still create multiple connections to the same VPN gateway as this allows all the VPN tunnels to share the available gateway bandwidth.


Azure VPN Gateway Configuration

A VPN gateway connection is dependent on multiple resources that are configured with particular settings. Even though some resources must be configured in a specific order, most of the resources can be configured independently. For example-

Settings: Settings are a good example because sometimes the settings you prefer for a specific resource are crucial to creating a successful connection.

Deployment Tools

You can initiate the creation and configuration of resources by using any configuration tool, such as the Azure portal, and later decide to move to another tool, such as PowerShell, to configure resources further or mitigate the existing resources when it is relevant. As per the present scenario, it is impossible to configure every resource and resource setting in the Azure portal. At present, Azure offers two different deployment models:

  1. Classic
  2. Resource Manager

Key characteristics of VPN Gateway

  • It is used to connect on-premise to Azure traffic over the public web service.
  • It is used to implement cross-regional communication of Azure virtual networks.
  • It is used in order to connect virtual networks to each other.
  • It is used to send encrypted traffic between Azure virtual networks.
  • It can be deployed in Azure availability zones.

Azure VPN Gateway Setup

The VPN Gateway setup includes the following elements:

  • Virtual network gateway
  • Local network gateway
  • Connection
  • Gateway subnet

Azure VPN Gateway Topology

Azure VPN Gateways can be configured in many different ways:

  1. Site-to-Site: This VPN gateway connection is also referred to as an S2S connection and is used for cross-premises and hybrid configurations. This connection is over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. It entails a VPN device with a public IP address allocated and positioned on-premises.
  2. Multi-Site: This sort of connection is a variant of the Site-to-Site connection where we construct more than one VPN connection using your virtual network gateway, commonly interfacing with different on-premises sites. When working with various connections, we must use a route-based VPN type because we are aware of the fact that each virtual Network can only have one VPN gateway where all connections through the gateway share the available bandwidth. This type of connection is regularly referred to as a “multi-site” connection.
  3. Point-to-Site: This VPN gateway connection is also referred to as a P2S connection and allows you to form a secure connection to your Virtual Network from a single client PC. This is a useful solution for remote workers who need to interface with Azure VNets from a far off area, such as from home or a conference. It is also preferred to use over S2S VPN when you have only a few clients that need to connect to a VNet.
  4. VNet-to-VNet: This connection is identical to connecting a VNet to an on-premises site location because both of them use a VPN gateway to render a secure tunnel using IPsec/IKE. VNet-to-VNet communication can be consolidated with multi-site connection configurations. The network topologies can be placed that combine cross-premises connectivity with inter-virtual network connectivity where the VNets can belong to the same or different:
  • Regions
  • Subscriptions
  • Deployment models


Microsoft Azure training with Infosec Train

You can opt for any Microsoft Azure training course from our range of courses at Infosec Train. Our training programs aim at providing participants with professional knowledge and an in-depth understanding of Azure Services. We are among the leading training providers and have well-versed and experienced trainers. The courses will enhance your existing skills and help you forge a promising career in the Azure cloud computing domain.

Check out the latest schedule of our Microsoft Azure Courses:

AZ-500 certification training course

AZ-104 certification training course

AZ-304 certification training course

Devyani Bisht ( )
Content Writer
Devyani Bisht is a B.Tech graduate in Information Technology. She has 3.5 years of experience in the domain of Client Interaction. She really enjoys writing blogs and is a keen learner. She is currently working as a Technical Services Analyst with InfosecTrain.