What VPN Types are Supported By Azure

What VPN Types are Supported Azure

In this Azure tutorial, we will discuss what VPN types are supported by Azure. Apart from this, we will also discuss a few other FAQs related to this.

What VPN Types are Supported By Azure? Microsoft Azure supports four types of VPN connections. Those are as mentioned below

  1. Point-to-Site VPN: It will help you to create a connection between your Windows system and the virtual private network.
  2. Site-to-Site VPN: This helps you to create a connection between your on-premises site and the virtual private network.
  3. MultiSite: This is a type of VPN configuration that helps you connect multiple on-premises sites to a virtual private network instead of just one site.
  4. Express Route: Express route helps you for a direct connection to Azure from your WAN instead of a VPN connection using the public Internet. 

We will discuss this below in detail.

What VPN Types are Supported By Azure

Well, Let’s discuss the Azure VPN types or the answer to the question, can you elaborate on the different VPN types that work with Azure?

Currently, 4 types of VPN connections are supported by Azure. Below are the four types

  • Point To Site VPN
  • Site To Site VPN
  • MultiSite
  • Express route

Point To Site VPN Azure

A Point-to-site VPN connection helps to create a connection between the Azure virtual network and individual computers. This is a very good solution in case you have a few clients, and those clients need to connect to the virtual network.

Point To Site VPN has to use one of the below protocols

  • OpenVPN Protocol
  • Secure Socket Tunneling Protocol
  • IKEv2 VPN

The first thing is the user has to be authenticated first. Then, only Azure will accept the Point-to-site VPN connection.

There are two ways to authenticate the user

  • Using native Azure certificate authentication: For this authentication method, an authenticated client certificate on the device is used to authenticate the connecting user. Here, the client certificates need to be installed on the individual computer.
  • Using native Azure Active Directory authentication: This authentication methodology uses the Azure Active Directory authentication mechanism. This uses the Azure Active Directory credentials to authenticate the user. Another benefit of this authentication mechanism is using Multi-Factor Authentication(MFA) features for VPN.

Site To Site VPN Azure

This is another type of VPN connection in Azure that you can use to connect your on-premises network to the Azure Virtual Network.

Site-to-site VPNs are good options for companies with multiple offices in different locations needing access and using the corporate network.

Before configuring the Site-to-site VPN connection, you should make sure that the following points are ready for you

  • You must have a compatible VPN device and a person who should know how to configure the VPN in that device.
  • You need to verify that you have an external-facing public IPv4 address for your VPN device.
  • You should know the IP address ranges located in your on-premises network configuration. you need to specify the IP address Azure will route to your on-premises location.


This is another category of VPN that helps to connect multiple on-premise sites instead of just one to connect to your virtual private network (VPN).

We can create a multi-site VPN like we are creating other Site-to-Site connections. Also, you can use an existing Azure VPN gateway while creating a multi-site VPN connection.


ExpressRoute is one more category of the Azure VPN that helps you connect to Microsoft cloud services like Office 365 to your on-premises networks. you can connect privately from your on-premises networks to the Microsoft clouds by a connectivity provider.

ExpressRoute offers reliability, faster, and higher security connections than typical connections over the Internet.

There are some benefits of using the ExpressRoute as a virtual private network (VPN), as listed below.

  • It will help to connect to Microsoft cloud services across many regions across the Globe.
  • One more important thing is you can create Layer 3 connectivity between your on-premises network and the Microsoft Cloud.
  • It will provide higher reliability since it has built-in redundancy for every peering location.
  • It can provide Dynamic routing between your network and Microsoft via BGP.

Along with these benefits, ExpressRoute also has many excellent features that help. Let’s discuss a few of the important features

Provides the feature to connect to Microsoft Cloud services:

It can connect to Microsoft cloud services like Microsoft Azure services and Microsoft Office 365 services.

Capable of connecting globally with ExpressRoutePremium:

If you are using the ExpressRoute Premium version, then you can connect all the regions across the globe from one particular location.

Capable of connecting to the national clouds:

  • It can connect to some of the special cloud locations.

Provides with ExpressRoute Direct feature:

  • ExpressRoute provides the ExpressRoute Direct feature that helps customers connect to the Microsoft global network at worldwide peering locations.
  • It also provides dual 100Gbps connectivity, Massive Data Ingestion to different services like Cosmos DB and storage, and Physical isolation for different industries.

Provides more Bandwidth options:

  • ExpressRoute provides more bandwidth options such as 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, etc.

More Billing Model:

ExpressRoute provides you the option to choose Multiple billing models, like

  • Unlimited data where you need to pay every month based on your usage,
  • Metered data where, again, you need to pay monthly. The Outbound data transfer is charged per GB and can vary for different regions.
  • Premium add-on where you will get a lot of extra features like Increased route limits from 4,000 routes to 10,000 routes. You will get connectivity globally except for the national clouds.

As we discussed above, the Azure network VPN provides many advantages with many excellent features to work from different regions across the globe.


What is Azure policy-based VPN

Azure policy-based VPN uses different combinations of prefixes from both of the networks that help to define how the traffic is encrypted or decrypted through the IPsec tunnels.

Azure policy-based VPN is built based on the firewall devices that perform packet filtering where IPsec tunnel encryption and decryption are added.

Can I connect virtual networks in different Azure regions?

The answer is Yes. You can connect multiple virtual networks in the same or different regions.

Can I connect to multiple sites from a single virtual network?

Yes, you can. You can use the Multisite VPN connection for this purpose.

How many VPN client endpoints can I have in my Point-to-Site configuration?

It depends on the gateway SKU.

What client operating systems can I use with Point-to-Site?

Below are the operating systems that are supported by the Point-to-Site VPN type.

  1. Windows 10, Windows 7 (32-bit and 64-bit), Windows 8.1 (32-bit and 64-bit)
  2. Windows Server 2012, Windows Server 2012 R2 (64-bit for both)
  3. Windows Server 2016, 2019 (64-bit for both)
  4. iOS, Linux (StrongSwan), Mac OS X version 10.11 and later

Can I connect virtual networks in different subscriptions?

Yes, you can connect virtual networks in different subscriptions.

Can I update my policy-based VPN gateway to route-based?

No, it’s not possible to update your policy-based VPN gateway to route-based. But you can delete it and recreate a new one in around 60 minutes.

Is a VPN gateway a virtual network gateway?

A VPN gateway is a type of virtual network gateway that helps to send the encrypted traffic between various virtual networks as well as between a virtual network and your on-premises location across a public connection.

Is Azure VPN free?

You can only set the Virtual network free of cost. But Microsoft will charge you based on the amount of provision time of the gateway while connecting on-premises and other virtual networks in Azure.

What are Azure Point-To-Site VPN Limitations

  • Using a dynamic routing VPN gateway, the maximum number of Point-To-Site connections is 128.

For the complete information, check out the Gateway SKUs by tunnel, connection, and throughput section here.

You might like following the articles below


Well, here in this article, we have discussed what vpn types are supported by azure? or types of VPN in Azure, and then we discussed a few FAQs related to VPN.