What is Azure VPN Gateway?
Azure VPN Gateway is a managed service for encrypted network connections between Azure Virtual Networks and other networks. The service supports Site-to-Site VPN for connecting on-premises data centers, Point-to-Site VPN for remote workers, and VNet-to-VNet connections between Azure regions. All connections are encrypted with IPsec/IKE.
VPN Gateway is the cost-effective alternative to ExpressRoute for hybrid cloud scenarios when a dedicated private connection is not required.
Key Features
- Site-to-Site VPN: IPsec/IKE tunnels to on-premises VPN devices with up to 10 Gbps throughput
- Point-to-Site VPN: Remote access for individual clients via OpenVPN, IKEv2, or SSTP
- VNet-to-VNet: Encrypted connections between Azure VNets in different regions
- Active-Active: Highly available configuration with two gateway instances and BGP
- Zone-redundant: Deployment across Availability Zones for highest availability
Typical Use Cases
Hybrid Cloud Connectivity: Secure connection between on-premises data center and Azure VNets for accessing cloud workloads.
Remote Workers: Point-to-Site VPN for developers and administrators who need to access Azure resources.
Disaster Recovery: VNet-to-VNet connections between Azure regions for replication and failover scenarios.
Benefits
- Cost-effective: Cheaper than ExpressRoute for moderate bandwidth requirements
- Quick Deployment: Gateway ready in under an hour (depending on SKU)
- Broad Compatibility: Support for all common VPN devices from Cisco, Fortinet, Palo Alto, etc.
- Encrypted: All connections secured with IPsec/IKE by default
Frequently Asked Questions about Azure VPN Gateway
Which gateway SKU do I need?
VpnGw1 through VpnGw5 offer increasing bandwidth (650 Mbps to 10 Gbps) and tunnel counts. For production, Microsoft recommends at least VpnGw2. Zone-redundant SKUs (VpnGw1AZ through VpnGw5AZ) offer 99.99% SLA.
How many connections are possible?
Between 10 and 100 Site-to-Site tunnels depending on SKU. Point-to-Site supports up to 10,000 concurrent clients. For more capacity, use Virtual WAN.
What is the difference from ExpressRoute?
VPN Gateway uses encrypted connections over the public internet. ExpressRoute provides private, dedicated connections with higher bandwidth and lower latency but is more expensive and requires a provider.
Which VPN devices are supported?
Microsoft provides validated configurations for devices from Cisco, Fortinet, Juniper, Palo Alto, Check Point, Barracuda, and many others. Any IKEv2-compatible device can generally be used.
How long does gateway deployment take?
Basic and VpnGw1 SKUs require 30-45 minutes. Higher SKUs can take 45-60 minutes. Zone-redundant gateways take slightly longer.
Integration with innFactory
As a Microsoft Solutions Partner, innFactory supports you with Azure VPN Gateway: from hybrid architecture design to VPN configuration to implementing high availability setups.
