What VPN Types are Supported By Azure

What VPN Types are Supported Azure

In this Azure tutorial, we will discuss what VPN types are supported by Azure. Apart from this, we will also discuss a few other FAQs related to this.

What VPN Types are Supported By Azure? There are four types of VPN connections that are supported by Microsoft Azure. Those are as mentioned below

  1. Point To Site VPN: It will help you to create a connection between your Windows system and the virtual private network.
  2. Site To Site VPN: This helps you to create a connection between your on-premises site and the virtual private network.
  3. MultiSite: This is a type of VPN configuration that helps you to connect multiple on-premises sites to a virtual private network instead of just one site.
  4. Express Route: Express route helps you for a direct connection to Azure from your WAN, instead of a VPN connection using the public Internet. 

We will discuss this below in detail.

What VPN Types are Supported By Azure

Well, Let’s discuss the VPN Types that are Supported By Azure or the answer to the question can you elaborate on the different VPN types that work with Azure?

Currently, there are 4 types of VPN connections that are supported by Azure. Below are the four types

  • Point To Site VPN
  • Site To Site VPN
  • MultiSite
  • Express route

Related article: What is VPN in Azure and How VPN works step by step?

Point To Site VPN Azure

A Point to site VPN connection helps to create a connection between the Azure virtual network and individual computers. This is a very good solution in case you have a few clients, and those clients need to connect to the virtual network.

Point To Site VPN has to use one of the below protocols

  • OpenVPN Protocol
  • Secure Socket Tunneling Protocol
  • IKEv2 VPN

The first thing is the user has to be authenticated first, then only Azure will accept the Point-to-site VPN connection.

There are two ways to authenticate the user

  • Using native Azure certificate authentication: For this authentication method, an authenticated client certificate that is present on the device is used to authenticate the connecting user. Here, the client certificates need to be installed on the individual computer.
  • Using native Azure Active Directory authentication: This authentication methodology uses the Azure Active Directory authentication mechanism. This uses the Azure Active Directory credentials to authenticate the user. One more benefit of this authentication mechanism is you can use Multi-Factor Authentication(MFA) features for VPN.

Site To Site VPN Azure

This is another type of VPN connection in Azure that you can use to connect your on-premises network to the Azure Virtual Network.

Site-to-site VPNs are good options for companies with multiple offices in different locations that need to access and use the corporate network.

Before configuring the Site to Site VPN connection, you should make sure that the following points are ready for you

  • You must have a compatible VPN device and a person who should know how to configure the VPN in that device.
  • You need to verify that you have an external-facing public IPv4 address for your VPN device.
  • You should know the IP address ranges located in your on-premises network configuration. you need to specify the IP address that Azure will route to your on-premises location.


This is another category of VPN that helps to connect multiple on-premise sites instead of just one to connect to your virtual private network (VPN).

We can create a multi-site VPN in the same way how we are creating other Site-to-Site connections. Also, you can use an existing Azure VPN gateway while creating a multi-site VPN connection.


ExpressRoute is one more category of the Azure VPN that helps you to connect to the Microsoft cloud services like Office 365 to your on-premises networks. you can connect privately from your on-premises networks to the Microsoft clouds by a connectivity provider.

ExpressRoute offers reliability, faster, and higher security connections than typical connections over the Internet.

There are some benefits of using the ExpressRoute as a virtual private network (VPN) as listed below.

  • It will help to connect to Microsoft cloud services across many regions across the Globe.
  • One more important thing is you can create Layer 3 connectivity between your on-premises network and the Microsoft Cloud.
  • It will provide higher reliability since it has built-in redundancy for every peering location.
  • It has the capability to provide Dynamic routing between your network and Microsoft via BGP.

Along with these benefits, ExpressRoute also has many excellent features that really help. Let’s discuss a few of the important features

Provides the feature to connect to Microsoft Cloud services:

It has the capability to connect to Microsoft cloud services like Microsoft Azure services and Microsoft Office 365 services.

Capable of connecting globally with ExpressRoutePremium:

If you are using the ExpressRoute Premium version then you can able to connect all the regions across the globe from one particular location.

Capable of connecting to the national clouds:

  • It has the capability to connect to some of the special cloud locations.

Provides with ExpressRoute Direct feature:

  • ExpressRoute provides the ExpressRoute Direct feature that helps customers to connect to the Microsoft global network at the peering locations available across the world.
  • It also provides dual 100Gbps connectivity, Massive Data Ingestion to different services like Cosmos DB and storage, provides Physical isolation for different industries.

Provides more Bandwidth options:

  • ExpressRoute provides more bandwidth options which you can choose like 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, etc.

More Billing Model:

ExpressRoute provides you the option to choose Multiple billing models like

  • Unlimited data where you need to pay a monthly basis based on your usage,
  • Metered data where again you need to pay on a monthly basis here the  Outbound data transfer is charged per GB and can vary for different regions.
  • Premium add-on where you will get a lot of extra features like you will get Increased route limits from 4,000 routes to 10,000 routes, You will get connectivity globally except the national clouds.

As we discussed above, the Azure network VPN provides many advantages with lots of excellent features to work from different regions across the globe.


What is Azure policy-based VPN

Azure policy-based VPN uses different combinations of prefixes from both of the networks that help to define how the traffic is encrypted or decrypted through the IPsec tunnels.

Azure policy-based VPN is built based on the firewall devices that perform packet filtering where IPsec tunnel encryption and decryption are added.

Can I connect virtual networks in different Azure regions?

The answer is Yes. You can able to connect multiple virtual networks with each other in the same or different regions.

Can I connect to multiple sites from a single virtual network?

Yes, you can. You can use the Multisite VPN connection for this purpose.

How many VPN client endpoints can I have in my Point-to-Site configuration?

It depends on the gateway SKU.

What client operating systems can I use with Point-to-Site?

Below are the operating systems that are supported by the Point-to-Site VPN type.

  1. Windows 10, Windows 7 (32-bit and 64-bit), Windows 8.1 (32-bit and 64-bit)
  2. Windows Server 2012, Windows Server 2012 R2 (64-bit for both)
  3. Windows Server 2016, 2019 (64-bit for both)
  4. iOS, Linux (StrongSwan), Mac OS X version 10.11 and later

Can I connect virtual networks in different subscriptions?

Yes, you can connect virtual networks in different subscriptions.

Can I update my policy-based VPN gateway to route-based?

No, it’s not possible to update your policy-based VPN gateway to route based. But you can delete it and recreate a new one in around 60 minutes.

Is a VPN gateway a virtual network gateway?

A VPN gateway is a type of virtual network gateway that helps to send the encrypted traffic between various virtual networks as well as between a virtual network and your on-premises location across a public connection.

Is Azure VPN free?

You can only set the Virtual network free of cost. But Microsoft will charge you based on the amount of provision time of the gateway while connecting on-premises and other virtual networks in Azure.

What are Azure Point-To-Site VPN Limitations

  • The maximum number of Point-To-Site connections is 128 using a dynamic routing VPN gateway.

For the complete information, check out the Gateway SKUs by tunnel, connection, and throughput section here.

You might like following the below articles


Well, here in this article, we have discussed What VPN Types are Supported By Azure or VPN Types that are Supported By Azure, and then we discussed a few FAQs related to VPN.