Azure supports different types of VPNs. You can use Azure to connect your on-premises network to your Azure virtual network (VNet). This allows you to extend your on-premises network resources to the cloud.
Introduction
Microsoft Azure supports various Virtual Private Network (VPN) technologies to allow resources in a virtual network to communicate securely with each other, as well as with on-premises resources. You can use Azure VPN gateway to build a site-to-site (S2S) cross-premises VPN connection between your virtual network and your on-premises network, or VNet-to-VNet communication within the same Azure region.
What is a VPN?
A VPN, or Virtual Private Network, is a private network that encrypts and transmits data while it travels from one place to another. A VPN allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.
There are two main types of VPNs: remote access and site-to-site. A remote access VPN allows you to connect to a network from anywhere in the world. A site-to-site VPN allows you to connect two networks together, such as your home network and your office network.
Azure supports both types of VPNs. In this article, we will discuss the different types of VPNs that are supported by Azure.
Types of VPNs Supported by Azure
Azure supports the following types of VPNs:
Point-to-Site (P2S)
P2S connections are used when you have a small number of clients that need to connect to a VNet. P2S connections do not require a VPN gateway. Instead, each client computer connects directly to the VNet over SSTP or IKEv2. P2S connections are often used for legacy applications that do not work with Site-to-Site (S2S) connections. For more information about P2S connections, see the Point-to-Site Connections in Azure Virtual Network Gateways article.
Site-to-Site (S2S)
An S2S connection requires a VPN gateway and is used when you have many client computers that need to connect to a VNet. S2S connections are often used for cross-premises and hybrid configurations. For more information about S2S connections, see the Site-to-Site Connections in Azure Virtual Network Gateways article.
ExpressRoute
ExpressRoute can be used as an alternative to a VPN gateway for S2S connections. ExpressRoute provides a private connection between an Azure datacenter and your on-premises or co-location infrastructure without going over the public Internet.
What types of VPNs are supported by Azure?
Azure supports the following three types of VPNs: Point-to-Site (P2S), Site-to-Site (S2S), and VNet-to-VNet. Point-to-Site (P2S) creates a secure connection to an Azure virtual network from an individual client computer. Site-to-Site (S2S) creates a secure connection between Azure and another VPN gateway. VNet-to-VNet creates a secure connection between two Azure virtual networks.
Point-to-Site VPN
Point-to-Site VPN uses the Secure Socket Tunneling Protocol (SSTP) to exchange data with an Azure virtual network over the public Internet. SSTP is a Microsoft proprietary VPN protocol that is supported on the Windows Vista, Windows 7, Windows 8, and Windows 10 operating systems. Point-to-Site VPN is also known as SSTP VPN.
Site-to-Site VPN
Site-to-site VPN is a type of VPN connection that allows you to connect to a remote network. The site-to-site VPN connection connects your on-premises network to an Azure virtual network over an IPsec/IKE (Internet Key Exchange) VPN tunnel. This type of VPN connection requires a VPN device located at each site. Azure supports site-to-site VPN connections with several types of VPN devices.
ExpressRoute
An ExpressRoute circuit is a dedicated connection between an Azure datacenter and your on-premises or colocated infrastructure. This type of connection doesn’t go over the public Internet, eliminating potential security risks, ensuring higher reliability and providing higher speeds. You can connect either through a public peering infrastructure provided by Azure, or through a private peering infrastructure that you set up.
Conclusion
Virtual private networks (VPNs) allow you to connect to an Azure VNet so that you can securely communicate between your on-premises computers/resources and virtual machines (VMs) in Azure. VPN Gateway in Azure supports several different gateway types with various capabilities. The type of VPN gateway you need depends on what kind of connection you’re trying to create.
Azure supports the following VPN gateway types:
- Route-based gateways
- VNet-to-VNet gateways
- Policy-based gateways
VPN Gateway in Azure supports several different protocols, including:
- IKEv2
- SSTP
- OpenVPN