If you’re looking to set up a VPN on your Azure account, you’ll need to know which types are supported. In this blog post, we’ll go over the different VPN types that Azure supports, so you can choose the best one for your needs.
Checkout this video:
Types of VPN
There are different types of VPNs that you can use with Azure. Azure supports Point-to-Site, Site-to-Site, VNet-to-VNet, and ExpressRoute connections. You can also use third party software to create a virtual private network, such as OpenVPN and WireGuard.
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual computer. P2S connections are used when you need to connect to your VNet from a remote location, such as from home or a conference. P2S connections do not require a VPN device or a public facing IP address.
To learn more about Point-to-Site connections, see About Point-to-Site VPN Gateway connections.
A Site-to-Site (S2S) VPN gateway connection is a connection over IPsec/IKE (IKEv1 or IKEv2) that allows you to connect to your on-premises network through an Azure VPN gateway. S2S connections can be used for cross premises and hybrid configurations. An S2S connection requires a VPN device located on premises that has an externally facing public IP address assigned to it and is not located behind a NAT. A site can have only one S2S VPN gateway at any time but can have multiple S2S client tunnels attached to it. To learn more about S2S connections, see About Site – to – Site VPN Gateway connections .
Azure Point-to-Site VPN
Azure Point-to-Site (P2S) VPN connects an individual computer to Azure over an encrypted connection. This type of VPN is often used by remote workers who need to connect to their company network in order to access resources. It is also a good choice for companies that have a lot of traveling employees, as it allows them to connect to the network from anywhere in the world.
To set up a P2S VPN, you will need:
– An Azure subscription
– A computer running Windows 7 or later
– The ability to connect this computer to the Internet
– Administrator privileges on the computer
Once you have all of these things, you can follow these steps to set up your VPN:
1. Go to the Azure portal and sign in with your Azure account.
2. Click on “Create a resource” and then select “Networking.”
3. Click on “Point-to-Site Gateway.”
4. Enter a name for your gateway and select the location for it. Then click “Create.”
5. Once your gateway has been created, click on it and then select “Download VPN client.” This will download a file called VpnClientSetupAmd64.exe.
6. Run this file and follow the prompts to install the client software on your computer.
7. Once the software is installed, open it and sign in with your Azure account credentials.
8. Select the gateway that you want to connect to and click “Connect.” You should now be connected to your Azure P2S VPN!
Azure Site-to-Site VPN
Azure Site-to-Site VPN enables you to securely connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of VPN is often used when you have a site-to-site connection. For more information, see About Site-to-Site VPN.
Azure Virtual Network Gateway
Azure Virtual Network Gateway supports the following VPN types:
– Point-to-Site (VPN over IKEv2 or SSTP)
– Site-to-Site (VPN over IKEv2, IPsec, or SSTP)
Point-to-Site (P2S) creates a secure connection to an Azure virtual network from an individual client computer. P2S is available for the Windows, macOS, and Linux platforms. For Windows platform, P2S uses Secure Socket Tunneling Protocol (SSTP). For macOS and Linux platforms, P2S uses IKEv2.
SSTP is a Microsoft protocol with encryption built on SSL that can traverse firewalls and web proxies without port mapping. IKEv2 is a standards-based IPsec encryption protocol that uses UDP port 500 and is supported in Azure from a wide range of operating systems and IPsec/IKE devices.
Azure VPN Client
The Azure VPN Client is used to connect to Azure so that you can create and manage site-to-site and point-to-site VPNs. The Azure VPN Client uses the following protocols:
Supported VPN types
Azure supports two types of VPN gateways: policy-based and route-based.
Policy-based VPNs have a single tunnel with one security policy. The benefit of this approach is that you can configure multiple policies in a single gateway to segregate traffic. Policy-based gateways are supported only on the Basic, Standard, and HighPerformance SKUs.
Route-based VPNs have multiple tunnels with one security policy. The benefit of this approach is that all traffic is processed by a single policy. Route-based gateways are supported on all gateway SKUs except for the Basic SKU.
The following table shows which VPN types are supported for each gateway SKU: