What VPN Types are Supported By Azure

In this azure tutorial, we will discuss what VPN types are supported by azure. Apart from this, we will also discuss on below topics

What VPN Types are Supported By Azure
  • What is VPN in Azure?
  • Azure VPN gateway
  • Azure VPN Client
  • Microsoft Azure VPN client download
  • Azure policy-based VPN
  • Azure VPN Gateway Pricing

What VPN Types are Supported By Azure

Well, we will discuss What VPN Types are Supported By Azure? But before that, we should understand What is VPN in Azure?. then we will discuss the VPN Types are Supported By Azure.

What is VPN in Azure?

First of all, a VPN is called Virtual Private Network that helps us to connect to another network securely over the Internet.

Now coming back to the point, VPN in Azure is a virtual network gateway that helps to send encrypted traffic between the Azure virtual network and an on-premises location over the internet.

It can also help to send the traffic with encrypted format between Azure virtual networks over the Microsoft network.

Well, Let’s discuss the What VPN Types are Supported By Azure

Currently, there are 4 types of VPN connections that are supported by Azure. The below are the four types

  • Point To Site VPN
  • Site To Site VPN
  • MultiSite
  • Express route

Point To Site VPN

A Point to site VPN connection helps to create a connection between Azure virtual network and individual computer. This is a very good solution in case you have few clients, and those clients need to connect to the virtual network.

Point To Site VPN has to use one of the below protocols

  • OpenVPN Protocol
  • Secure Socket Tunneling Protocol
  • IKEv2 VPN

The first thing is the user has to be authenticated first, then only the Azure will accept the Point to site VPN connection.

There are two ways to authenticate the user

  • Using native Azure certificate authentication: For this authentication method, an authenticated client certificate that is present on the device is used to authenticate the connecting user. Here, the client certificates need to be installed on the individual computer.
  • Using native Azure Active Directory authentication: This authentication methodology uses the Azure Active Directory authentication mechanism. This uses the Azure Active Directory credentials to authenticate the user. One more benefit of this authentication mechanism is you can use Multi-Factor Authentication(MFA) features for VPN.

Site To Site VPN

This is another type of VPN connection in Azure that you can use to connect your on-premises network to the Azure Virtual Network.

Site-to-site VPNs are good options for companies with multiple offices in different locations that need to access and use the corporate network.

Before configuring the Site to Site VPN connection, you should make sure that the following points are ready with you

  • You must have a compatible VPN device and a person who should know how to configure the VPN in that device.
  • You need to verify that you have an external-facing public IPv4 address for your VPN device.
  • You should know the IP address ranges located in your on-premises network configuration. you need to specify the IP address that Azure will route to your on-premises location.


This is another category of VPN that helps to connect multiple on-premise sites instead of just one to connect to your virtual private network (VPN).

We can create a multi-site VPN in the same way how we are creating other Site-to-Site connections. Also, you can use an existing Azure VPN gateway while creating the multi-site VPN connection.


ExpressRoute is one more category of the Azure VPN that helps you to connect to the Microsoft cloud services like Office 365 to your on-premises networks. you can connect privately from your on-premises networks to the Microsoft clouds by a connectivity provider.

ExpressRoute offers reliability, faster, and higher security connections than typical connections over the Internet.

There are some benefits using the ExpressRoute as the virtual private network (VPN) as listed below.

  • It will help to connect to Microsoft cloud services across many regions across the Globe.
  • One more important thing is you can create the Layer 3 connectivity between your on-premises network and the Microsoft Cloud.
  • It will provide higher reliability since it has built-in redundancy for every peering location.
  • It has the capability to provide Dynamic routing between your network and Microsoft via BGP.

Along with these benefits, ExpressRoute also has many excellent features that really help. Let’s discuss a few of the important features

Provides the feature to connect to Microsoft cloud services:

It has the capability to connect to Microsoft cloud services like Microsoft Azure services and Microsoft Office 365 services.

Capable of connecting globally with ExpressRoutePremium:

If you are using the ExpressRoute Premium version then you can able to connect for all the regions across the globe from one particular location.

Capable of connecting to the national clouds:

  • It has the capability to connect to some of the special cloud locations.

Provides with ExpressRoute Direct feature:

  • ExpressRoute provides the ExpressRoute Direct feature that helps the customers to connect to the Microsoft global network at the peering locations available across the world.
  • It also provides dual 100Gbps connectivity, Massive Data Ingestion to different services like Cosmos DB and storage, provides Physical isolation for different industries.

Provides more Bandwidth options:

  • ExpressRoute provides more bandwidth options which you can choose like 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, etc.

More Billing Model:

ExpressRoute provides you the options to choose Multiple billing models like

  • Unlimited data where you need to pay a monthly basis based on your usage,
  • Metered data where again you need to pay on a monthly basis here the  Outbound data transfer is charged per GB and can vary for different regions.
  • Premium add-on where you will get a lot of extra features like you will get Increased route limits from 4,000 routes to 10,000 routes, You will get the connectivity globally except the national clouds.

As we discussed above, the Azure network VPN provides many advantages with lots of excellent features to work from different regions across the globe.

So this is all about What vpn types are supported by azure. Now let’s discuss What is Azure VPN gateway?.

Azure VPN gateway

A Virtual network gateway is something that is composed of two virtual machines that are deployed to a specific subnet that is called gateway subnet. These two virtual machines are created when you create a virtual network gateway.

These two virtual machines that belongs to the virtual network gateway contains the routing tables.

During the configuration of the virtual network gateway, you need to configure the settings for the gateway type which helps to determine how the virtual network gateway will be used and the actions that the gateway takes.

If you configure the gateway type as VPN, it means that it is a “VPN gateway”. There can be two types of virtual network gateways

  • One VPN gateway
  • One ExpressRoute gateway

It can take up to 45 minutes to create a virtual machine gateway.

Azure VPN Client

The Azure VPN Client helps you to connect to the Azure from anywhere in the world securely. For the security perspective, it allows you to use the Azure Active Directory, certificate-based as the authentication options that ensure high security.

Microsoft Azure VPN client download

The new Azure VPN client is available on the Microsoft store. You can get the Azure VPN client from the below URL


You can also generate the VPN client configuration files using the Azure portal, to do that you need to follow the below steps

Step-1: Login to the Azure Portal (https://portal.azure.com/).

Step-2: Once login, navigate to the virtual network gateway for the virtual network.

Step-3: On the virtual network gateway page, click Point-to-site configuration from the left side menu under the Settings option.

Step-4: On the Point-to-site configuration page, click Download VPN client button from the top menu. then it will take a few minutes to generate the client configuration package.

Step-5: Now you will get a zip file. You can unzip this file to use that.

One more way is to generate the VPN client configuration file using Powershell

You can use the below PowerShell cmdlet to generate the VPN client configuration file

$getAVPNClientConfigurationFile=New-AzVpnClientConfiguration -ResourceGroupName "newresgroup" -Name "vnet-my-managed-sql-instance" -AuthenticationMethod "EapTls"

Azure VPN Client

Now copy the URL generated to your browser to download the zip file and then unzip the file to use that.

You can configure the Azure VPN Client in the below operating systems

  • Windows
  • Mac OS (X)
  • Linux

Azure policy-based VPN

Azure policy-based VPN uses different combinations of prefixes from both of the networks that helps to define how the trafic is encrypted or decrypted through the IPsec tunnels.

Azure policy-based VPN is built based on the firewall devices that perform packet filtering where IPsec tunnel encryption and decryption are added.

Azure VPN Gateway Pricing

Well, here we will discuss Azure VPN Gateway Pricing details

Basic₹2.38/hour100 MbpsMax 10
Max 128
VpnGw1₹12.5583/hour650 MbpsMax 30Max 250
VpnGw2₹32.3872/hour1 GbpsMax 30Max 500
VpnGw3₹82.6204/hour1.25 GbpsMax 30Max 1000
VpnGw4₹138.8022/hour5 GbpsMax 30Max 5000
VpnGw5₹241.2514/hour10 GbpsMax 30Max 10000

The Inbound Inter-virtual network data transfer i.e. the data going into Azure data centers between two virtual networks—FREE

Whereas Outbound Inter-virtual network data transfer i.e the data going out of Azure datacenters between two virtual networks is chargeable as below

Data transfer From Zone 1*— ₹2.3134 per GB

Data transfer From Zone 2*— ₹5.9487 per GB

Data transfer From Zone 3*— ₹10.5754 per GB

For more details on the pricing Details, you can refer to below Microsoft Official site


How VPN works step by step?

We have already discussed What is VPN?. Now I am presenting here how does the VPN work step by step?

Step-1: The first step is The VPN encrypts your data traffic. Once encrypted, it sends it to the VPN server via a secure connection.

Step-2: The data that are encrypted from your computer is again decrypted by the VPN server.

Step-3: Now the VPN server will send the data to the internet and will get the reply.

Sep-4: Now the data traffic is again encrypted by the VPN server and it will send the encrypted data to you. But it is an encrypted data you got. How will you understand this? follow the next step.

Step-5: The encrypted data that you got will be decrypted by the VPN-software available on your device. Now you can use the decrypted data.

The VPN will encrypt your data traffic, so that it is very much difficult for hackers and other parties to view it.

So the above are the steps how VPN works step by step.

You might like following the below articles


Well, here in this article, we have discussed What VPN Types are Supported By Azure, What is VPN in Azure?, Azure VPN gateway, Azure VPN Client, From where we can download the Microsoft Azure VPN client (Microsoft Azure VPN client download) and then we discussed Azure policy-based VPN and Azure VPN Gateway Pricing Along with this finally we discussed, How VPN works step by step?.

Leave a Comment