What VPN Types are Supported By Azure

by
In this Azure tutorial, we will discuss what VPN types are supported by Azure. Apart from this, we will also discuss a few other FAQs related to this.

What VPN Types are Supported By Azure

Well, let’s discuss the Azure VPN types or the answer to the question: Can you elaborate on the different VPN types that work with Azure?

Currently, 4 types of VPN connections are supported by Azure. Below are the four types

  1. Point-to-Site VPN
  2. Site-to-Site VPN
  3. MultiSite
  4. Express route

Point To Site VPN Azure

A Point-to-Site VPN connection helps create a connection between the Azure virtual network and individual computers. This is a very good solution if a few clients need to connect to the virtual network.

Point To Site VPN has to use one of the following protocols

  • OpenVPN Protocol
  • Secure Socket Tunneling Protocol
  • IKEv2 VPN

The user must first be authenticated. Only Azure will accept the point-to-site VPN connection.

There are two ways to authenticate the user

  • Using native Azure certificate authentication: This authentication method uses an authenticated client certificate on the device to authenticate the connecting user. The client certificates need to be installed on the individual computer.
  • Using native Azure Active Directory authentication: This authentication methodology uses the Azure Active Directory authentication mechanism. This uses the Azure Active Directory credentials to authenticate the user. Another benefit of this authentication mechanism is using Multi-Factor Authentication(MFA) features for VPN.

Site-to-Site VPN Azure

This is another type of VPN connection in Azure that you can use to connect your on-premises network to the Azure Virtual Network.

Site-to-site VPNs are good options for companies with multiple offices in different locations that need access to and use of the corporate network.

Before configuring the Site-to-site VPN connection, you should make sure that the following points are ready for you

  • You must have a compatible VPN device and a person who knows how to configure the VPN on that device.
  • You need to verify that you have an external-facing public IPv4 address for your VPN device.
  • You should know the IP address ranges in your on-premises network configuration. Then, you need to specify the IP address that Azure will route to your on-premises location.

MultiSite

This is another category of VPN that allows you to connect multiple on-premise sites instead of just one to your virtual private network (VPN).

We can create a multi-site VPN like we do other Site-to-Site connections. You can also use an existing Azure VPN gateway while creating a multi-site VPN connection.

ExpressRoute

ExpressRoute is another category of the Azure VPN that helps you connect to Microsoft cloud services like Office 365 from your on-premises networks. You can connect privately from your on-premises networks to the Microsoft clouds through a connectivity provider.

ExpressRoute offers reliability, faster, and higher security connections than typical connections over the Internet.

Using ExpressRoute as a virtual private network (VPN) has some benefits, as listed below.

  • It will help connect to Microsoft cloud services across many global regions.
  • Another important feature is that you can create Layer 3 connectivity between your on-premises network and the Microsoft Cloud.
  • It will provide higher reliability since it has built-in redundancy for every peering location.
  • It can provide Dynamic routing between your network and Microsoft via BGP.

Along with these benefits, ExpressRoute also has many excellent features that help. Let’s discuss a few of the important features

Provides the feature to connect to Microsoft Cloud services:

It can connect to Microsoft cloud services like Microsoft Azure and Microsoft Office 365.

Capable of connecting globally with ExpressRoute Premium:

If you are using the ExpressRoute Premium version, you can connect all the regions across the globe from one location.

Capable of connecting to the national clouds:

  • It can connect to some of the special cloud locations.

Provides with ExpressRoute Direct feature:

  • ExpressRoute provides the ExpressRoute Direct feature that helps customers connect to the Microsoft global network at worldwide peering locations.
  • It also provides dual 100 Gbps connectivity, Massive Data Ingestion to different services like Cosmos DB and storage, and Physical isolation for different industries.

Provides more Bandwidth options:

  • ExpressRoute provides more bandwidth options, such as 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, and 2 Gbps.

More Billing Model:

ExpressRoute provides you the option to choose Multiple billing models, like

  • Unlimited data, where you need to pay every month based on your usage,
  • Metered data, for which, again, you need to pay monthly. Outbound data transfer is charged per GB and can vary between regions.
  • This premium add-on has many extra features, like Increased route limits from 4,000 to 10,000 routes. You will also get connectivity globally, except for the national clouds.

As we discussed above, the Azure network VPN provides many advantages and excellent features for working from different regions across the globe.

FAQS:

What is Azure policy-based VPN

Azure policy-based VPN uses different combinations of prefixes from both networks to help define how traffic is encrypted or decrypted through the IPsec tunnels.

Azure policy-based VPN is built based on firewall devices that perform packet filtering, with IPsec tunnel encryption and decryption added.

Can I connect virtual networks in different Azure regions?

The answer is Yes. You can connect multiple virtual networks in the same or different regions.

Can I connect to multiple sites from a single virtual network?

Yes, you can. You can use the Multisite VPN connection for this purpose.

How many VPN client endpoints can I have in my Point-to-Site configuration?

It depends on the gateway SKU.

What client operating systems can I use with Point-to-Site?

Below are the operating systems that are supported by the Point-to-Site VPN type.

  1. Windows 10, Windows 7 (32-bit and 64-bit), Windows 8.1 (32-bit and 64-bit)
  2. Windows Server 2012, Windows Server 2012 R2 (64-bit for both)
  3. Windows Server 2016, 2019 (64-bit for both)
  4. iOS, Linux (StrongSwan), Mac OS X version 10.11 and later

Can I connect virtual networks in different subscriptions?

Yes, you can connect virtual networks in different subscriptions.

Can I update my policy-based VPN gateway to route-based?

No, updating your policy-based VPN gateway to route-based is impossible. But you can delete it and recreate a new one in around 60 minutes.

Is a VPN gateway a virtual network gateway?

A VPN gateway is a type of virtual network gateway that helps send encrypted traffic between various virtual networks and between a virtual network and your on-premises location across a public connection.

Is Azure VPN free?

You can only set up the Virtual network free of cost. However, Microsoft will charge you based on the provision time of the gateway when connecting on-premises and other virtual networks in Azure.

What are Azure Point-To-Site VPN Limitations

  • Using a dynamic routing VPN gateway, the maximum number of Point-To-Site connections is 128.

For complete information, check out the Gateway SKUs by tunnel, connection, and throughput section here.

What VPN Types are Supported By Azure?

Microsoft Azure supports four types of VPN connections. Those are as mentioned below

  1. Point-to-Site VPN: It helps you create a connection between your Windows system and the virtual private network.
  2. Site-to-Site VPN: This helps you create a connection between your on-premises site and the virtual private network.
  3. MultiSite: This type of VPN configuration helps you connect multiple on-premises sites to a virtual private network instead of just one site.
  4. Express Route: Express route allows you to make a direct connection to Azure from your WAN instead of a VPN connection using the public Internet.

Check out the above article for detailed information.

Conclusion

Well, here in this article, we have discussed what VPN types are supported by Azure? or types of VPN in Azure, and then we discussed a few FAQs related to VPN.

You might like following the articles below

Azure Virtual Machine

DOWNLOAD FREE AZURE VIRTUAL MACHINE PDF

Download our free 25+ page Azure Virtual Machine guide and master cloud deployment today!