Last updated on January 25, 2025
Azure VPN Gateway Cheat Sheet
- A secured hybrid cloud architecture.
- It is composed of a gateway subnet, a tunnel, and an on-premises gateway.
- Protocols: Internet Protocol Security (IPsec) and Internet Key Exchange (IKE)
- VPN gateway connections: VNet-to-VNet, Site-to-Site, and Point-to-Site
- Create a secure connection from your on-premises network to an Azure virtual network with a site-to-site VPN.
- A VNet-to-VNet connection automatically routes to the updated address space if you update the address space on the other VNet.
- If you need to establish a connection to your virtual network from a remote location, you can use a point-to-site (P2S) VPN.
- You can also have one VPN gateway with more than one on-premises network using a Multi-Site connection.
Routing
- Policy-based gateway
  - Implements a policy-based VPN.
  - Policy-based VPNs are used to encrypt and direct packets to IPsec tunnels.
  - The policy or traffic selector is defined as an access list in the VPN configuration.
  - You cannot change a policy-based VPN to a route-based VPN, and vice versa.
- Route-based gateway
  - Implements a route-based VPN.
  - Route-based VPNs use routes in the routing table to direct packets to tunnel interfaces.
  - Tunnel interfaces can encrypt and decrypt packets.
  - The policy or traffic selectors are configured as wildcards (any-to-any).
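The two routing models above, as a simplified Python model added here (not code from the original page or from Azure). The prefixes, tunnel names and interface names are constructed assumptions; it shows that a policy-based gateway only tunnels packets matching a configured source/destination selector pair, while a route-based gateway picks a tunnel interface by longest-prefix match on the destination.

```python
"""Toy model of policy-based vs route-based tunnel selection (constructed example)."""
from ipaddress import ip_address, ip_network

# Constructed sample data; none of these values come from the original page.
VNET = ip_network("10.1.0.0/16")
ONPREM_A = ip_network("192.168.10.0/24")
SELECTORS = {"tunnel-a": [(VNET, ONPREM_A)]}           # policy-based: ACL of prefix pairs
ROUTES = [(ONPREM_A, "vti-a"),                          # route-based: routing table entries
          (ip_network("192.168.0.0/16"), "vti-b")]      # pointing at tunnel interfaces


def policy_based_tunnel(src, dst, selectors):
    """Return the tunnel whose traffic selector matches both source and
    destination, or None if no selector pair covers the packet."""
    s, d = ip_address(src), ip_address(dst)
    for tunnel, pairs in selectors.items():
        if any(s in local and d in remote for local, remote in pairs):
            return tunnel
    return None


def route_based_tunnel(dst, routes):
    """Return the tunnel interface chosen by longest-prefix match. The
    selector is any-to-any, so only the destination route decides."""
    d = ip_address(dst)
    matches = [(net.prefixlen, iface) for net, iface in routes if d in net]
    return max(matches)[1] if matches else None


def demo():
    """Run the same constructed packets through both models."""
    return {
        "policy_match": policy_based_tunnel("10.1.2.4", "192.168.10.7", SELECTORS),
        "policy_new_subnet": policy_based_tunnel("10.1.2.4", "192.168.20.7", SELECTORS),
        "policy_other_src": policy_based_tunnel("10.2.0.4", "192.168.10.7", SELECTORS),
        "route_specific": route_based_tunnel("192.168.10.7", ROUTES),
        "route_summary": route_based_tunnel("192.168.20.7", ROUTES),
        "route_none": route_based_tunnel("172.16.0.1", ROUTES),
    }


if __name__ == "__main__":
    for case, tunnel in demo().items():
        print(f"{case:18} -> {tunnel}")
```

In this model `None` means no tunnel carries the packet: under the policy-based gateway a destination outside every selector pair is not tunnelled until the access list is extended, whereas under the route-based gateway a broader route is enough to send it into a tunnel.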
Connection Resiliency
- In an active-active configuration, each Azure VPN gateway instance will establish S2S VPN tunnels and the traffic will be routed to multiple tunnels.
- For active-passive configuration, the standby instance would only take over if a disruption happens on the active instance.
| Details | Site-to-Site | Point-to-Site |
|---|---|---|
| Supported Services | Cloud Services and Virtual Machines | Cloud Services and Virtual Machines |
| Bandwidths | Typically < 1 Gbps aggregate | Based on the gateway SKU |
| Protocols | IPsec | Secure Sockets Tunneling Protocol (SSTP), OpenVPN and IPsec |
| Routing | We support PolicyBased (static routing) and RouteBased (dynamic routing VPN) | RouteBased (dynamic) |
| Connection resiliency | active-passive or active-active | active-passive |
| Use case | Dev / test / lab scenarios and small scale production workloads for cloud services and virtual machines | Prototyping, dev / test / lab scenarios for cloud services and virtual machines |
Azure VPN Gateway Pricing
- You are billed hourly for the compute costs of the VNet gateway.
- You are charged for the egress data transfer from the virtual network gateway.
- You are only charged by the VPN Gateway when you transfer data between two different regions, except with Point-to-Site VPN.
Validate Your Knowledge
Question 1
Question Type: Single-choice
Your company is planning to migrate some of its servers to Azure. You need to recommend a solution wherein users can work remotely by having a secure connection to your Azure virtual machines.
What should you include in the recommendation?
- ExpressRoute
- Point-to-Site VPN Connection
- Site-to-Site VPN Connection
- Traffic Manager
Question 2
Question Type: Multiple-choice
Your company is currently hosting a mission-critical application in an Azure virtual machine that resides in a virtual network named TDVnet1. You plan to use Azure ExpressRoute to allow the web applications to connect to the on-premises network.
Due to compliance requirements, you need to ensure that in the event your ExpressRoute fails, the connectivity between TDVnet1 and your on-premises network will remain available.
The solution must utilize a site-to-site VPN between TDVnet1 and the on-premises network. The solution should also be cost-effective.
Which three actions should you implement? Each correct answer presents part of the solution.
- Configure an Azure Virtual WAN.
- Configure a VPN gateway with VpnGw1 as its SKU.
- Configure a VPN gateway with Basic as its SKU.
- Configure a local network gateway.
- Configure a connection.