Azure VPN Gateway is a virtual private network service that sends encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network has only one VPN gateway. However, we can create multiple connections to the same VPN gateway. A VPN gateway is a specific type of virtual network gateway. But the question comes to mind: what does virtual network gateway mean?
So, let's discuss this.
What is a virtual network gateway?
A virtual network gateway is a gateway that is composed of two or more VMs. It is automatically configured and deployed to a specific subnet we create called the gateway subnet. The gateway VMs contain routing tables and also run particular gateway services. We cannot directly configure the VMs that are part of the virtual network gateway.
When creating a virtual network gateway, we configure a setting that specifies the gateway type. The gateway type determines how the virtual network gateway is used and the actions it takes. The gateway type 'VPN' specifies that the virtual network gateway created is a 'VPN gateway'. This distinguishes it from an ExpressRoute gateway, which uses a different gateway type.
A virtual network can have two virtual network gateways; the first is the VPN gateway, and the other is the ExpressRoute gateway.
Configuring a VPN Gateway
A VPN gateway connection depends on multiple resources configured with particular settings. Generally, most resources are configured separately, although some are configured in a specific order.
Connectivity
Several configurations are available for VPN gateway connections, and we must determine which one best fits our needs. The different connections include:
Site-to-Site VPN connections
Point-to-Point VPN connections
Vnet-to-Vnet VPN Connections
Each of the three connection types can have different instructions and configuration requirements.
Planning Table
This table helps to decide the connectivity options best for our solution.
| | Point-to-Site | Site-to-Site |
|---|---|---|
| Azure Supported Services | Cloud Services and Virtual Machines | Cloud Services and Virtual Machines |
| Typical Bandwidths | Based on the gateway SKU | Typically, < 10 Gbps aggregate |
| Protocols Supported | Secure Sockets Tunnelling Protocol (SSTP), OpenVPN, and IPsec | IPsec |
| Routing | Route Based (dynamic) | We support Policy-Based (static routing) and Route Based (dynamic routing VPN) |
| Connection resiliency | active-passive | active-passive or active-active |
| Typical use case | Secure access to Azure virtual networks for remote users | Dev/test/lab scenarios and small to medium scale production workloads for cloud services and virtual machines |
Settings
To create a successful connection, we must choose each resource's setting. Generally, we consider gateway types, gateway SKUs, VPN types, Connection types, and various other resource settings.
Deployment Tools
We can start creating and configuring resources using a single configuration tool, such as the Azure portal. Later, we can switch to another tool, such as PowerShell, to configure additional resources or modify existing ones.
Currently, however, we cannot configure every resource and resource setting in the Azure Portal.
Gateway SKUs
While creating a virtual network gateway, we specify the gateway SKU we want to use. We select the SKU that satisfies our requirements based on the types of workloads, throughputs, and features.
Availability Zones
VPN gateways can be deployed in Azure Availability Zones, bringing resiliency, scalability, and higher availability to virtual network gateways. Deploying gateways in Azure Availability Zones physically and logically separates gateways within a region while protecting our on-premises network connectivity to Azure from zone-level failures.
Pricing
Generally, we pay for two things: the cost of the VPN gateway, computed hourly, and the egress data transferred from the VPN gateway.
We will only discuss the Virtual Network Gateway pricing.
VPN Network Gateway Cost
Each virtual network gateway computes costs hourly. The prices are based on the gateway SKU we specify while creating a virtual network gateway. Also, an active-active setup costs the same as an active-passive setup.
Data Transfer Cost
The calculations of data transfer costs are based on the egress traffic from the source virtual network gateway.
If we send traffic to our on-premises VPN devices, data transfer costs will be charged with the internet egress data transfer rate.
The cost of sending traffic between virtual networks in different regions is based on the region. Also, there will be no cost charged if we send traffic only between virtual networks.
In the sections above, we learned about the VPN gateway. Now let's discuss how to create a VPN gateway and how to manage it using the Azure Portal.
So, let's start by creating a virtual network.
Create Virtual Network
The following are the values and steps for creating a virtual network.
Resource Group: TestRG1
Name: VNet1
Region: (US) East US
IPv4 Address Space: 10.1.0.0/16
Subnet Name: FrontEnd
Sign in to the Azure Portal
Type virtual network in the Search resources, services, and docs box. Then select the virtual network from the marketplace.
Now select Create on the virtual network page to open the Create page.
Configure the VNet settings on the Basics tab for project details and instance details, and then enter the required values.
Now select the IP Addresses tab and configure the settings.
Then select the Security tab and leave it with the default values.
Select Review+Create Tab to validate the virtual network settings.
After the settings are validated, select Create to create the virtual network.
Now let's see how we create a VPN gateway.
Create a VPN Gateway
First, use the following values to create a virtual network gateway.
Name: VNet1GW
Region: East US
Gateway type: VPN
VPN type: Route-based
SKU: VpnGw2
Generation: Generation 2
Virtual network: VNet1
Gateway subnet address range: 10.1.255.0/27
Public IP address: Create new
Public IP address name: VNet1GWpip
Below are the steps to create a VPN Gateway.
Type virtual network gateway in the Search resources, services, and docs box. Then select the virtual network gateway from the marketplace.
Now select Create on the virtual network page to open the Create page.
Select the Basics tab and fill in the required details for the project details and instance details.
Specify the values for the Public IP address.
Then select the Review+Create tab to run validation.
After validation passes, select Create to deploy the VPN Gateway.
Creating and fully deploying the VPN gateway takes 45 minutes or more. We can see the deployment status on the Overview page of our VPN Gateway.
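The same deployment can be scripted with PowerShell, the alternative tool mentioned under Deployment Tools. The following is an added example, not part of the original article; it assumes the Az PowerShell module is installed and a session is signed in with Connect-AzAccount. The FrontEnd subnet range, the IP configuration name, and the Static/Standard public IP settings are assumptions, since the article does not state them.

```powershell
# Values come from the article's tables unless marked as an assumption.
$rg             = 'TestRG1'
$location       = 'eastus'
$frontEndPrefix = '10.1.0.0/24'   # assumption: the article gives no FrontEnd range
$ipConfigName   = 'gwipconfig1'   # assumption: illustrative name

New-AzResourceGroup -Name $rg -Location $location | Out-Null

# Virtual network with the FrontEnd subnet and the dedicated gateway subnet.
# Azure requires the gateway subnet to be named exactly 'GatewaySubnet'.
$frontEnd = New-AzVirtualNetworkSubnetConfig -Name 'FrontEnd' -AddressPrefix $frontEndPrefix
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.1.255.0/27'
New-AzVirtualNetwork -ResourceGroupName $rg -Location $location -Name 'VNet1' `
    -AddressPrefix '10.1.0.0/16' -Subnet $frontEnd, $gwSubnet | Out-Null

# Public IP address for the gateway (Static allocation and Standard SKU are assumptions).
$pip = New-AzPublicIpAddress -Name 'VNet1GWpip' -ResourceGroupName $rg -Location $location `
    -AllocationMethod Static -Sku Standard

# Bind the gateway subnet and the public IP into one gateway IP configuration.
$vnet     = Get-AzVirtualNetwork -Name 'VNet1' -ResourceGroupName $rg
$subnet   = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipConfig = New-AzVirtualNetworkGatewayIpConfig -Name $ipConfigName `
    -SubnetId $subnet.Id -PublicIpAddressId $pip.Id

# This call blocks until the gateway is deployed (45 minutes or more).
New-AzVirtualNetworkGateway -Name 'VNet1GW' -ResourceGroupName $rg -Location $location `
    -IpConfigurations $ipConfig -GatewayType Vpn -VpnType RouteBased `
    -GatewaySku VpnGw2 -VpnGatewayGeneration Generation2 | Out-Null

# Verify that the deployed gateway matches the intended settings.
$gw = Get-AzVirtualNetworkGateway -Name 'VNet1GW' -ResourceGroupName $rg
$expected = @{
    GatewayType          = 'Vpn'
    VpnType              = 'RouteBased'
    VpnGatewayGeneration = 'Generation2'
}
foreach ($key in $expected.Keys) {
    if ("$($gw.$key)" -ne $expected[$key]) {
        Write-Warning "$key is '$($gw.$key)', expected '$($expected[$key])'"
    }
}
if ($gw.Sku.Name -ne 'VpnGw2') { Write-Warning "SKU is '$($gw.Sku.Name)', expected 'VpnGw2'" }
$gw | Select-Object Name, ProvisioningState, GatewayType, VpnType
```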
We now know how to create the VPN network and gateway.
So, let's see how we manage the VPN Gateway.
Managing the VPN Gateway
View the Public IP Address.
We can view the gateway Public IP Address on the Overview page.
Resizing a Gateway SKU
To resize, we follow the steps below.
Go to the Configuration section in the virtual network gateway.
On the right side of the page, click the dropdown arrow to show the available gateway SKUs.
Select the SKU from the dropdown.
Resetting a Gateway
Below are the steps for resetting a gateway.
In the portal, go to the virtual network gateway that we want to reset.
On the Virtual network gateway page, in the left pane, scroll down to the Support + Troubleshooting section and select Reset.
Click Reset on the reset page. Once the command is issued, the currently active instance of the Azure VPN gateway is rebooted immediately.
We became familiar with the Azure VPN Gateway in the sections above. Now, let's move to some FAQs related to it.
Frequently Asked Questions.
What is Azure VPN Gateway?
Azure VPN Gateway helps to connect the on-premises network to Azure through different modes of connection.
Is Azure VPN Gateway free or not?
Only setting up a virtual network is free; there is a charge for the VPN Gateway that connects to on-premises and other networks in Azure.
Why is VPN Gateway used?
VPN Gateway is used to provide secure connectivity between multiple users.
What are the main types of VPNs?
The two types of VPNs are Remote Access VPN and Site-to-Site VPN.
Give some examples of VPNs
Express VPN, Nord VPN, Atlas VPN, and Cisco's AnyConnect are examples of VPNs.
Conclusion
In this article, we have discussed the Azure VPN Gateway with the creation and management of VPN Gateway.