Azure VPN Gateway – Integrating On-Premises Networks with Azure


Azure VPN Gateway

Azure VPN Gateway provides a secure gateway for sending encrypted traffic over the internet between an Azure virtual network and an on-premises location. It can also be used to send encrypted traffic between different Azure virtual networks and the Microsoft networks.

For each virtual network, you can only have one VPN gateway. You can, however, create multiple connections to the same VPN gateway. When creating multiple connections, all the VPN tunnels will share the available gateway bandwidth.

A virtual network gateway is created with two or more virtual machines (VMs) that are deployed in a gateway subnet. This is a specific subnet that is created for the VPN connection. The VMs in the gateway subnet are created at the same time as the virtual network gateway. The VMs are then configured to contain specific gateway services and routing tables to connect to the gateway in Azure. It is not possible to configure the gateway services and routing tables manually. All gateway stock-keeping units (SKUs) except for the Basic SKU include 128 Point-to-Site (P2S) connections in the price.

Azure VPN Gateway offers the following pricing tiers:

  • Basic: This tier provides a maximum of 10 Site-to-Site (S2S)/virtual network (VNet)-to-VNet tunnels (10 are included in the price) and a maximum of 128 P2S connections. The average bandwidth is 100 Mbps.
  • VpnGw1: This tier provides a maximum of 30 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 250 P2S connections. The average bandwidth is 650 Mbps.
  • VpnGw2: This tier provides a maximum of 30 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 500 P2S connections. The average bandwidth is 1 Gbps.
  • VpnGw3: This tier provides a maximum of 30 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 1,000 P2S connections. The average bandwidth is 1.25 Gbps.
  • VpnGw4: This tier provides a maximum of 100 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 5,000 P2S connections. The average bandwidth is 5 Gbps.
  • VpnGw5: This tier provides a maximum of 100 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 10,000 P2S connections. The average bandwidth is 10 Gbps.

There is also the option for an availability zone (AZ) variation of each Gateway SKU, except for Basic, denoted with a suffix of AZ, for example, VpnGw4AZ. They offer similar specifications and are as follows:

  • VpnGw1AZ: This tier provides a maximum of 30 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 128 P2S connections. The average bandwidth is 650 Mbps.
  • VpnGw2AZ: This tier provides a maximum of 30 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 128 P2S connections. The average bandwidth is 1 Gbps.
  • VpnGw3AZ: This tier provides a maximum of 30 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 128 P2S connections. The average bandwidth is 3 Gbps.
  • VpnGw4AZ: This tier provides a maximum of 100 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 128 P2S connections. The average bandwidth is 6 Gbps.
  • VpnGw5AZ: This tier provides a maximum of 100 S2S/VNet-to-VNet tunnels (10 are included in the price) and a maximum of 128 P2S connections. The average bandwidth is 10 Gbps.

For better redundancy (high availability), it is, of course, better to select the AZ variant, but understand that it costs significantly more than the standard SKU. This would be desirable for customers and workloads where constant connectivity is essential to operations and downtime would be costly to the client. Next, we will explore S2S VPN connections.
