In this Azure tutorial, we will discuss what VPN types are supported by azure. Apart from this, we will also discuss a few other topics like What is VPN in Azure?, Azure VPN gateway. Azure VPN Client, Microsoft Azure VPN client download, Azure policy-based VPN, Azure VPN Gateway pricing, How VPN works step by step?, How do I set up a VPN in Azure?, etc.
What VPN Types are Supported By Azure? There are four types of VPN connections that are supported by Microsoft Azure. Those are as mentioned below
- Point To Site VPN: It will help you to create a connection between your windows system and the virtual private network.
- Site To Site VPN: This helps you to create a connection between your on-premise site and the virtual private network.
- MultiSite: This is a type of VPN configuration that helps you to connect multiple on-premises sites to a virtual private network instead of just one site.
- Express route: Express route helps you for a direct connection to Azure from your WAN, instead of a VPN connection using the public Internet.
We will discuss below in detail.
Table of Contents
- What VPN Types are Supported By Azure
- What is VPN in Azure?
- Point To Site VPN Azure
- Site To Site VPN Azure
- Provides the feature to connect to Microsoft cloud services:
- Capable of connecting globally with ExpressRoutePremium:
- Capable of connecting to the national clouds:
- Provides with ExpressRoute Direct feature:
- Provides more Bandwidth options:
- More Billing Model:
- Azure VPN gateway
- Azure VPN Client
- Microsoft Azure VPN client download
- Azure policy-based VPN
- Azure VPN Gateway Pricing
- How VPN works step by step?
- Can I connect virtual networks in different Azure regions?
- Can I connect to multiple sites from a single virtual network?
- How many VPN client endpoints can I have in my Point-to-Site configuration?
- What client operating systems can I use with Point-to-Site?
- Can I connect virtual networks in different subscriptions?
- Can I update my policy-based VPN gateway to route-based?
- Is a VPN gateway a virtual network gateway?
- Is Azure VPN free?
- How do I setup a VPN in Azure?
- Create a VPN gateway
- Azure Point-To-Site VPN Limitations
What VPN Types are Supported By Azure
Well, we will discuss What VPN Types are Supported By Azure? But before that, we should understand What is VPN in Azure?. then we will discuss the VPN Types are Supported By Azure.
What is VPN in Azure?
First of all, a VPN is called Virtual Private Network that helps us to connect to another network securely over the Internet.
Now coming back to the point, VPN in Azure is a virtual network gateway that helps to send encrypted traffic between the Azure virtual network and an on-premises location over the internet.
It can also help to send the traffic with encrypted format between Azure virtual networks over the Microsoft network.
Well, Let’s discuss the What VPN Types are Supported By Azure or the answer to the question can you elaborate on the different VPN types that work with Azure?
Currently, there are 4 types of VPN connections that are supported by Azure. The below are the four types
- Point To Site VPN
- Site To Site VPN
- Express route
Point To Site VPN Azure
A Point to site VPN connection helps to create a connection between Azure virtual network and individual computer. This is a very good solution in case you have few clients, and those clients need to connect to the virtual network.
Point To Site VPN has to use one of the below protocols
- OpenVPN Protocol
- Secure Socket Tunneling Protocol
- IKEv2 VPN
The first thing is the user has to be authenticated first, then only Azure will accept the Point to site VPN connection.
There are two ways to authenticate the user
- Using native Azure certificate authentication: For this authentication method, an authenticated client certificate that is present on the device is used to authenticate the connecting user. Here, the client certificates need to be installed on the individual computer.
- Using native Azure Active Directory authentication: This authentication methodology uses the Azure Active Directory authentication mechanism. This uses the Azure Active Directory credentials to authenticate the user. One more benefit of this authentication mechanism is you can use Multi-Factor Authentication(MFA) features for VPN.
Site To Site VPN Azure
This is another type of VPN connection in Azure that you can use to connect your on-premises network to the Azure Virtual Network.
Site-to-site VPNs are good options for companies with multiple offices in different locations that need to access and use the corporate network.
Before configuring the Site to Site VPN connection, you should make sure that the following points are ready for you
- You must have a compatible VPN device and a person who should know how to configure the VPN in that device.
- You need to verify that you have an external-facing public IPv4 address for your VPN device.
- You should know the IP address ranges located in your on-premises network configuration. you need to specify the IP address that Azure will route to your on-premises location.
This is another category of VPN that helps to connect multiple on-premise sites instead of just one to connect to your virtual private network (VPN).
We can create a multi-site VPN in the same way how we are creating other Site-to-Site connections. Also, you can use an existing Azure VPN gateway while creating a multi-site VPN connection.
ExpressRoute is one more category of the Azure VPN that helps you to connect to the Microsoft cloud services like Office 365 to your on-premises networks. you can connect privately from your on-premises networks to the Microsoft clouds by a connectivity provider.
ExpressRoute offers reliability, faster, and higher security connections than typical connections over the Internet.
There are some benefits using the ExpressRoute as the virtual private network (VPN) as listed below.
- It will help to connect to Microsoft cloud services across many regions across the Globe.
- One more important thing is you can create the Layer 3 connectivity between your on-premises network and the Microsoft Cloud.
- It will provide higher reliability since it has built-in redundancy for every peering location.
- It has the capability to provide Dynamic routing between your network and Microsoft via BGP.
Along with these benefits, ExpressRoute also has many excellent features that really help. Let’s discuss a few of the important features
Provides the feature to connect to Microsoft cloud services:
It has the capability to connect to Microsoft cloud services like Microsoft Azure services and Microsoft Office 365 services.
Capable of connecting globally with ExpressRoutePremium:
If you are using the ExpressRoute Premium version then you can able to connect for all the regions across the globe from one particular location.
Capable of connecting to the national clouds:
- It has the capability to connect to some of the special cloud locations.
Provides with ExpressRoute Direct feature:
- ExpressRoute provides the ExpressRoute Direct feature that helps the customers to connect to the Microsoft global network at the peering locations available across the world.
- It also provides dual 100Gbps connectivity, Massive Data Ingestion to different services like Cosmos DB and storage, provides Physical isolation for different industries.
Provides more Bandwidth options:
- ExpressRoute provides more bandwidth options which you can choose like 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, etc.
More Billing Model:
ExpressRoute provides you the options to choose Multiple billing models like
- Unlimited data where you need to pay a monthly basis based on your usage,
- Metered data where again you need to pay on a monthly basis here the Outbound data transfer is charged per GB and can vary for different regions.
- Premium add-on where you will get a lot of extra features like you will get Increased route limits from 4,000 routes to 10,000 routes, You will get the connectivity globally except the national clouds.
As we discussed above, the Azure network VPN provides many advantages with lots of excellent features to work from different regions across the globe.
So this is all about What vpn types are supported by azure or What types of VPN are supported by Azure?. Now let’s discuss What is Azure VPN gateway?.
Azure VPN gateway
A Virtual network gateway is something that is composed of two virtual machines that are deployed to a specific subnet that is called a gateway subnet. These two virtual machines are created when you create a virtual network gateway.
These two virtual machines that belongs to the virtual network gateway contains the routing tables.
During the configuration of the virtual network gateway, you need to configure the settings for the gateway type which helps to determine how the virtual network gateway will be used and the actions that the gateway takes.
If you configure the gateway type as VPN, it means that it is a “VPN gateway”. There can be two types of virtual network gateways
- One VPN gateway
- One ExpressRoute gateway
It can take up to 45 minutes to create a virtual machine gateway.
Azure VPN Client
The Azure VPN Client helps you to connect to Azure from anywhere in the world securely. From the security perspective, it allows you to use the Azure Active Directory, certificate-based as the authentication options that ensure high security.
Microsoft Azure VPN client download
The new Azure VPN client is available on the Microsoft store. You can get the Azure VPN client from the below URL
You can also generate the VPN client configuration files using the Azure portal, to do that you need to follow the below steps
Step-1: Login to the Azure Portal (https://portal.azure.com/).
Step-2: Once login, navigate to the virtual network gateway for the virtual network.
Step-3: On the virtual network gateway page, click Point-to-site configuration from the left side menu under the Settings option.
Step-4: On the Point-to-site configuration page, click Download VPN client button from the top menu. then it will take a few minutes to generate the client configuration package.
Step-5: Now you will get a zip file. You can unzip this file to use that.
One more way is to generate the VPN client configuration file using Powershell
You can use the below PowerShell cmdlet to generate the VPN client configuration file
$getAVPNClientConfigurationFile=New-AzVpnClientConfiguration -ResourceGroupName "newresgroup" -Name "vnet-my-managed-sql-instance" -AuthenticationMethod "EapTls" $getAVPNClientConfigurationFile.VPNProfileSASUrl
Now copy the URL generated to your browser to download the zip file and then unzip the file to use that.
You can configure the Azure VPN Client in the below operating systems
- Mac OS (X)
These are the steps for azure vpn client download.
Azure policy-based VPN
Azure policy-based VPN uses different combinations of prefixes from both of the networks that help to define how the trafic is encrypted or decrypted through the IPsec tunnels.
Azure policy-based VPN is built based on the firewall devices that perform packet filtering where IPsec tunnel encryption and decryption are added.
Azure VPN Gateway Pricing
Well, here we will discuss Azure VPN Gateway Pricing details
|GATEWAY TYPE||PRICE DETAILS PER HOUR||BANDWIDTH||S2S TUNNELS||P2S TUNNELS|
|Basic||₹2.38/hour||100 Mbps||Max 10||Max 128|
|VpnGw1||₹12.5583/hour||650 Mbps||Max 30||Max 250|
|VpnGw2||₹32.3872/hour||1 Gbps||Max 30||Max 500|
|VpnGw3||₹82.6204/hour||1.25 Gbps||Max 30||Max 1000|
|VpnGw4||₹138.8022/hour||5 Gbps||Max 30||Max 5000|
|VpnGw5||₹241.2514/hour||10 Gbps||Max 30||Max 10000|
The Inbound Inter-virtual network data transfer i.e. the data going into Azure data centers between two virtual networks—FREE
Whereas Outbound Inter-virtual network data transfer i.e the data going out of Azure datacenters between two virtual networks is chargeable as below
Data transfer From Zone 1*— ₹2.3134 per GB
Data transfer From Zone 2*— ₹5.9487 per GB
Data transfer From Zone 3*— ₹10.5754 per GB
For more details on the pricing Details, you can refer to below Microsoft Official site
How VPN works step by step?
We have already discussed What is VPN?. Now I am presenting here how does the VPN work step by step?
Step-1: The first step is The VPN encrypts your data traffic. Once encrypted, it sends it to the VPN server via a secure connection.
Step-2: The data that are encrypted from your computer is again decrypted by the VPN server.
Step-3: Now the VPN server will send the data to the internet and will get the reply.
Sep-4: Now the data traffic is again encrypted by the VPN server and it will send the encrypted data to you. But it is encrypted data you got. How will you understand this? follow the next step.
Step-5: The encrypted data that you got will be decrypted by the VPN-software available on your device. Now you can use the decrypted data.
The VPN will encrypt your data traffic, so that it is very much difficult for hackers and other parties to view it.
So the above are the steps how VPN works step by step.
Can I connect virtual networks in different Azure regions?
The answer is Yes. You can able to connect multiple virtual network with each other in the same or different region.
Can I connect to multiple sites from a single virtual network?
Yes, you can. You can use the Multisite VPN connection for this purpose.
How many VPN client endpoints can I have in my Point-to-Site configuration?
It depends on the gateway SKU.
What client operating systems can I use with Point-to-Site?
Below are the operating systems that are supported by the Point-to-Site VPN type.
- Windows 10, Windows 7 (32-bit and 64-bit), Windows 8.1 (32-bit and 64-bit)
- Windows Server 2012, Windows Server 2012 R2 (64-bit for both)
- Windows Server 2016, 2019 (64-bit for both)
- iOS, Linux (StrongSwan), Mac OS X version 10.11 and later
Can I connect virtual networks in different subscriptions?
Yes, you can connect virtual networks in different subscriptions.
Can I update my policy-based VPN gateway to route-based?
No, it’s not possible to update your policy-based VPN gateway to route based. But you can delete it and recreate a new one in around 60 minutes.
Is a VPN gateway a virtual network gateway?
A VPN gateway is a type of virtual network gateway that helps to send the encrypted traffic between various virtual networks as well as between a virtual network and your on-premises location across a public connection.
Is Azure VPN free?
You can only set the Virtual network free of cost. But Microsoft will charge you based on the amount of provision time of the gateway while connecting on-premises and other virtual networks in Azure.
How do I setup a VPN in Azure?
You can follow the below steps to Create a VPN gateway in Azure.
Create a VPN gateway
- Log in to the Azure Portal (https://portal.azure.com/)
- Search for the virtual network gateway and click on the search result virtual network gateways.
3. On the Virtual network gateways page, click on the + Add button.
4. On the Virtual network gateway page, Provide the below details
- Subscription: Select the correct subscription that you want to use for creating the Virtual network gateway.
- Resource Group: Select the existing resource group or you can click on the Create new link to create a new resource group.
- Name: Provide a unique name for the Virtual network gateway.
- Region: Select the region for the Virtual network gateway.
- Gateway type: Make sure to select the Gateway type as VPN.
- VPN type: Select the VPN type based on your requirement.
- SKU: Provide the SKU or it will also auto-populate the SKU value.
- Virtual network: Provide your existing Virtual network name if you have or you can click on the Create virtual network link to create a new Virtual network.
- Gateway subnet address range: It will populate a default value or you can also change it based on your requirement.
- Public IP address: You can select the Create new option for the Public IP address.
- Public IP address name: Provide a name for the Public IP address.
- Enable active-active mode: Select the Enable or Disable option based on your requirement.
- Configure BGP: Select the Enable or Disable option based on your requirement.
Finally, click on the Review + Create button.
5. Now, the system will validate all the details provided by you and if everything is correct then it will show you Validation Passed and you can able to see the Create button will be enabled. Finally, click on the Create button to create a VPN.
6. Once, you will click on the create button, it will take a few minutes to create the VPN in Azure. Now you can able to see that the deployment is completed successfully without any issue. Click on the Go to Resource button to navigate to the VPN that we have created just now.
You can able to see that the VPN with the mentioned Public IP got created successfully with out any issue.
This is How to setup a VPN in Azure using the above instructions.
Azure Point-To-Site VPN Limitations
- The maximum number of Point-To-Site connections is 128 using a dynamic routing VPN gateway.
For the complete information, checkout the Gateway SKUs by tunnel, connection, and throughput section here.
You might like following the below articles
- The term ‘Get-AzureAccount’ is not recognized error
- How to add bulk guest users in Azure AD B2B from Azure Portal and PowerShell
- How to create and add members to Azure Active Directory Group
- How To Convert Text To Speech With Azure Cognitive Services
- How To Move Azure VM To A Different Resource Group PowerShell?
Well, here in this article, we have discussed What VPN Types are Supported By Azure, what VPN types are supported by azure?, VPN types are supported by Azure, What types of VPN are compatible with Azure?, What is VPN in Azure?, Azure VPN gateway, Azure VPN Client, From where we can download the Microsoft Azure VPN client (Microsoft Azure VPN client download) and then we discussed Azure policy-based VPN and Azure VPN Gateway Pricing or Along with this finally we discussed, How VPN works step by step?, How do I set up a VPN in Azure?.