Table of contents

  1. Introduction
  2. What is a virtual network gateway?
  3. Configuring a VPN Gateway
     3.1. Connectivity
     3.2. Planning Table
     3.3. Settings
     3.4. Deployment Tools
  4. Gateway SKUs
  5. Availability Zones
  6. Pricing
     6.1. VPN Network Gateway Cost
     6.2. Data Transfer Cost
  7. Create Virtual Network
  8. Create a VPN Gateway
  9. Managing the VPN Gateway
     9.1. View the Public IP Address.
     9.2. Resizing a Gateway SKU
     9.3. Resetting a Gateway
  10. Frequently Asked Questions.
     10.1. What is Azure VPN Gateway?
     10.2. Is Azure VPN Gateway free or not?
     10.3. Why is VPN Gateway used?
     10.4. What are the main types of VPNs?
     10.5. Give some examples of VPNs
  11. Conclusion

Last Updated: Mar 27, 2024

Azure VPN Gateway

Introduction

An Azure VPN gateway is a specific type of virtual network gateway that sends encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway; however, we can create multiple connections to the same VPN gateway. But a question comes to mind: what is a virtual network gateway?

So, let's discuss this.

What is a virtual network gateway?

A virtual network gateway is a gateway that is composed of two or more VMs. It is automatically configured and deployed to a specific subnet we create called the gateway subnet. The gateway VMs contain routing tables and also run particular gateway services. We cannot directly configure the VMs that are part of the virtual network gateway. 

When creating a virtual network gateway, we configure a setting that specifies the gateway type. The gateway type determines how the virtual network gateway is used and what actions it takes. The gateway type 'VPN' specifies that the virtual network gateway created is a VPN gateway. This distinguishes it from an ExpressRoute gateway, which uses a different gateway type.

A virtual network can have two virtual network gateways; the first is the VPN gateway, and the other is the ExpressRoute gateway. 

Configuring a VPN Gateway

A VPN gateway connection depends on multiple resources, each configured with particular settings. Most of these resources can be configured separately, although some must be configured in a specific order.

Connectivity

Several VPN gateway connection configurations are available, and we must determine which design best fits our needs. The connection types include:

  • Site-to-Site VPN connections
  • Point-to-Point VPN connections
  • Vnet-to-Vnet VPN Connections

Each of the three connection types has its own instructions and configuration requirements.

Planning Table

This table helps to decide the connectivity options best for our solution.

|  | Point-to-Site | Site-to-Site |
| --- | --- | --- |
| Azure Supported Services | Cloud Services and Virtual Machines | Cloud Services and Virtual Machines |
| Typical Bandwidths | Based on the gateway SKU | Typically, < 10 Gbps aggregate |
| Protocols Supported | Secure Sockets Tunnelling Protocol (SSTP), OpenVPN, and IPsec | IPsec |
| Routing | Route Based (dynamic) | We support Policy-Based (static routing) and Route Based (dynamic routing VPN) |
| Connection resiliency | active-passive | active-passive or active-active |
| Typical use case | Secure access to Azure virtual networks for remote users | Dev/test/lab scenarios and small to medium scale production workloads for cloud services and virtual machines |


Settings

To create a successful connection, we must choose the right settings for each resource. Generally, we consider the gateway type, gateway SKU, VPN type, connection type, and various other resource settings.

Deployment Tools

We can start creating and configuring resources using a single configuration tool, such as the Azure portal. Later, we can switch to another tool, such as PowerShell, to configure additional resources or modify existing ones.

But currently, we cannot configure every resource and resource setting in the Azure Portal.

Gateway SKUs

While creating a virtual network gateway, we specify the gateway SKU we want to use. We select the SKU that satisfies our requirements based on the types of throughputs, features, and workloads.

Availability Zones

VPN gateways can be deployed in Azure Availability Zones, bringing resiliency, scalability, and higher availability to virtual network gateways. Deploying gateways in Azure Availability Zones physically and logically separates the gateways within a region, while protecting our on-premises network connectivity to Azure from zone-level failures.

Pricing

Generally, we pay for two things: the cost of the VPN gateway, computed hourly, and the egress data transferred from the VPN gateway.

We will only discuss the Virtual Network Gateway pricing.

VPN Network Gateway Cost

Each virtual network gateway computes costs hourly. The prices are based on the gateway SKU we specify while creating a virtual network gateway. Also, an active-active setup costs the same as an active-passive setup.

Data Transfer Cost

The calculations of data transfer costs are based on the egress traffic from the source virtual network gateway.

If we send traffic to our on-premises VPN devices, data transfer is charged at the internet egress data transfer rate.

The cost of sending traffic between virtual networks in different regions is based on the region. Also, there will be no cost charged if we send traffic only between virtual networks.

In the sections above, we learned about the VPN gateway. Now let's discuss how to create a VPN gateway and how to manage it using the Azure Portal.


So, let's start by creating a virtual network.

Create Virtual Network

The following are the values and steps for creating a virtual network.

  • Resource Group: TestRG1
  • Name: VNet1
  • Region: (US) East US
  • IPv4 Address Space: 10.1.0.0/16
  • Subnet Name: FrontEnd

 

  1. Sign in to the Azure Portal.
  2. Type virtual network in the search box for resources, services, and docs. Then select the virtual network from the marketplace.
  3. Select Create on the virtual network page to open the Create page.
  4. On the Basics tab, configure the VNet settings for project details and instance details, and enter the required values.
  5. Select the IP Addresses tab and configure the settings.
  6. Select the Security tab and leave it with the default values.
  7. Select the Review+Create tab to validate the virtual network settings.
  8. After the settings are validated, select Create to create the virtual network.

 

Now let's see how we create a VPN gateway.

Create a VPN Gateway

First, use the following values to create a virtual network gateway.

  • Name: VNet1GW
  • Region: East US
  • Gateway type: VPN
  • VPN type: Route-based
  • SKU: VpnGw2
  • Generation: Generation 2
  • Virtual network: VNet1
  • Gateway subnet address range: 10.1.255.0/27
  • Public IP address: Create new
  • Public IP address name: VNet1GWpip

 

Below are the steps to create a VPN Gateway.

  1. Type virtual network gateway in the search box for resources, services, and docs. Then select the virtual network gateway from the marketplace.
  2. Select Create on the virtual network page to open the Create page.
  3. Select the Basics tab and fill in the required values for the project details and instance details.
  4. Specify the values for the Public IP address.
  5. Select the Review+Create tab to run validation.
  6. After validation passes, select Create to deploy the VPN Gateway.


A VPN gateway can take 45 minutes or more to create and deploy fully. We can see the deployment status on the Overview page of our VPN Gateway.
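The same deployment can be scripted with PowerShell, the alternative tool mentioned under Deployment Tools. The following is an added example, not part of the original article; it uses the values listed above and assumes the Az PowerShell module with an authenticated session. The FrontEnd subnet range, the gateway IP configuration name, and the public IP SKU and allocation method are assumptions, because the article does not state them.

```powershell
# Added example: scripted equivalent of the portal steps, using the article's values.
# Assumes the Az PowerShell module and a signed-in session (Connect-AzAccount).
$rg       = 'TestRG1'
$location = 'East US'

New-AzResourceGroup -Name $rg -Location $location

# The FrontEnd address range is an assumption; the article gives only the subnet name.
$frontEnd = New-AzVirtualNetworkSubnetConfig -Name 'FrontEnd' -AddressPrefix '10.1.0.0/24'

# Azure requires the gateway subnet to be named exactly 'GatewaySubnet'.
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.1.255.0/27'

$vnet = New-AzVirtualNetwork -Name 'VNet1' -ResourceGroupName $rg -Location $location `
    -AddressPrefix '10.1.0.0/16' -Subnet $frontEnd, $gwSubnet

# Public IP SKU and allocation method are assumptions (not stated in the article).
$pip = New-AzPublicIpAddress -Name 'VNet1GWpip' -ResourceGroupName $rg -Location $location `
    -Sku Standard -AllocationMethod Static

# Bind the gateway to the gateway subnet and the public IP.
# 'gwipconfig1' is a name chosen for this example.
$subnet   = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipConfig = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig1' `
    -SubnetId $subnet.Id -PublicIpAddressId $pip.Id

# This call is the long-running step (45 minutes or more, as noted above).
New-AzVirtualNetworkGateway -Name 'VNet1GW' -ResourceGroupName $rg -Location $location `
    -IpConfigurations $ipConfig -GatewayType Vpn -VpnType RouteBased `
    -GatewaySku VpnGw2 -VpnGatewayGeneration Generation2

# Confirm the deployed settings match the plan.
Get-AzVirtualNetworkGateway -Name 'VNet1GW' -ResourceGroupName $rg |
    Select-Object Name, ProvisioningState, GatewayType, VpnType,
        @{ Name = 'Sku'; Expression = { $_.Sku.Name } }
```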

We now know how to create the virtual network and the VPN gateway.

So, let's see how we manage the VPN Gateway.

Managing the VPN Gateway

View the Public IP Address.

We can view the gateway Public IP Address on the Overview page.

Resizing a Gateway SKU

To resize a gateway SKU, follow the steps below.

  1. Go to the Configuration section in the virtual network gateway.
  2. On the right side of the page, click the dropdown arrow to show the available gateway SKUs.
  3. Select the SKU from the dropdown.

Resetting a Gateway

Below are the steps for resetting a gateway.

  1. In the portal, go to the virtual network gateway that we want to reset.
  2. On the Virtual network gateway page, in the left pane, scroll down to the Support + Troubleshooting section and select Reset.
  3. Click Reset on the reset page. Once the command is issued, the currently active instance of the Azure VPN gateway is rebooted immediately.
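The three management tasks above can also be performed from PowerShell. This is an added example, not part of the original article; it assumes the Az module, an authenticated session, and the resource names used earlier. The target SKU VpnGw3 and the $doReset switch are assumptions chosen for illustration.

```powershell
# Added example: view the public IP, resize the SKU, and reset the gateway.
# Assumes the Az PowerShell module and a signed-in session (Connect-AzAccount).
$rg = 'TestRG1'
$gw = Get-AzVirtualNetworkGateway -Name 'VNet1GW' -ResourceGroupName $rg

# View the public IP address (the value shown on the Overview page).
$pip = Get-AzPublicIpAddress -Name 'VNet1GWpip' -ResourceGroupName $rg
"Gateway public IP: $($pip.IpAddress)"

# Resize: refuse to start while another operation is still in progress.
$targetSku = 'VpnGw3'   # assumption: the article does not name a target SKU
if ($gw.ProvisioningState -ne 'Succeeded') {
    throw "Gateway is in state '$($gw.ProvisioningState)'; wait before resizing."
}
if ($gw.Sku.Name -ne $targetSku) {
    $gw = Resize-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -GatewaySku $targetSku
    "Gateway SKU is now $($gw.Sku.Name)"
}

# Reset: reboots the currently active gateway instance immediately, so it is
# gated behind an explicit switch rather than run by default.
$doReset = $false       # hypothetical switch for this example
if ($doReset) {
    Reset-AzVirtualNetworkGateway -VirtualNetworkGateway $gw
}
```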


We have now become familiar with the Azure VPN Gateway in the sections above. Now, let's move to some FAQs related to it.

Frequently Asked Questions.

What is Azure VPN Gateway?

Azure VPN Gateway helps to connect the on-premises network to Azure through different modes of connection.

Is Azure VPN Gateway free or not?

Setting up a virtual network is free, but there is a charge for a VPN Gateway that connects to on-premises and other networks in Azure.

Why is VPN Gateway used?

VPN Gateway is used to provide secure connectivity between multiple users.

What are the main types of VPNs?

The two types of VPNs are Remote Access VPN and Site-to-Site VPN.

Give some examples of VPNs

Express VPN, Nord VPN, Atlas VPN, and Cisco's AnyConnect are examples of VPNs.

Conclusion

In this article, we have discussed the Azure VPN Gateway with the creation and management of VPN Gateway.
