S2S VPN connections – Integrating On-Premises Networks with Azure

2021-06-152021-06-15| Zoe PetersonS2S VPN connections – Integrating On-Premises Networks with Azure| 0 Comment| 10:02 AM
Categories :

S2S VPN connections

An S2S VPN gateway connection is a connection over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. These connections can be used for hybrid configurations and cross-premises configurations. It is designed to create a secure connection between a location and your virtual network over the internet. The location can be an office or even another VPN gateway, as an example. Once the S2S VPN connection is configured, you can connect every device from that location to Azure using the same VPN location.

An S2S connection requires a compatible VPN device located on-premises that has a public IP address assigned to it. It should not be located behind a NAT. S2S connections are designed to be persistent in nature and always on; this is not required, of course, but important to understand the intended design.

Top Tip

For more information about the compatible VPN devices, you can refer to the following documentation: https://docs.microsoft.com/en-us/ azure/vpn-gateway/vpn-gateway-vpn-faq#s2s.

The following diagram shows an S2S VPN connection from an on-premises environment to Azure:

Figure 17.1 – S2S VPN tunnel

In the next section, we are going to look at multi-site VPNs.

Multi-site VPN connections

A multi-site VPN connection is a variation of the S2S connection. You use this type of connection for connecting to multiple on-premises sites from your virtual network gateway. It is required that multi-site connections use a route-based VPN type gateway. All connections through the gateway will share the available bandwidth. This is because each virtual network can only have one VPN gateway.

The following diagram shows a multi-site VPN connection from an on-premises environment to Azure:

Figure 17.2 – Multi-site VPN tunnels

In the next section, we are going to look at the P2S VPN.

P2S VPN connections

A P2S VPN gateway connection is designed to create a secure connection between an individual client and your virtual network over the internet. It is established from the client’s computer and is useful for people who are working from different locations, such as from their home or from a hotel. A PS2 VPN is also the best solution if you only have a few clients to connect to a virtual network.

A P2S connection does not require an on-premises, public-facing IP address as S2S VPN connections do. You are able to use P2S connections together with S2S connections over the same VPN gateway. You need to make sure that the configuration requirements for both connections are compatible so that you can use both connection types over the same gateway.

The following diagram shows a P2S VPN connection from an on-premises environment to Azure:

Figure 17.3 – P2S VPN tunnel

In the next section, we are going to look at ExpressRoute.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Load Balancer SKUs – Configuring Load Balancing

2023-06-152023-06-15 Zoe PetersonLoad Balancer SKUs – Configuring Load Balancing

Load Balancer SKUs Azure Load Balancer comes with two different SKU options, Basic and Standard. [...]

Read MoreRead More

Configuring private endpoints – Implementing and Managing Virtual Networking

2024-09-042024-09-04 Zoe PetersonConfiguring private endpoints – Implementing and Managing Virtual Networking

Configuring private endpoints Azure Private Link enables you to access Platform as a Service (PaaS) [...]

Read MoreRead More

Creating NSG rules – Securing Access to Virtual Networks

2024-05-202024-05-20 Zoe PetersonCreating NSG rules – Securing Access to Virtual Networks

Creating NSG rules Now that we have associated the NSG with its default rules with [...]

Read MoreRead More