Azure supports different types of VPNs. You can use Azure to connect sites using the following VPN types: Point-to-Site, Site-to-Site, VNet-to-VNet, and Multi-Site.
Azure Point-to-Site
Azure Point-to-Site (P2S) VPNs are a type of VPN connection that use Secure Socket Tunneling Protocol (SSTP) to connect to an Azure virtual network over a Secure Sockets Layer (SSL) / Transport Layer Security (TLS) connection. SSL/TLS provides a more secure connection than Internet Protocol security (IPsec) protocols.
Supported VPN types
Azure supports three types of Point-to-Site (P2S) VPN protocols:
1. Secure Socket Tunneling Protocol (SSTP). SSTP uses SSL to provide a secure and seamless connection. It is supported on most versions of Windows.
2. OpenVPN. OpenVPN uses SSL/TLS for security and is available on most platforms, including Android and iOS.
3. IKEv2/IPsec. IKEv2/IPsec uses strong cryptography to ensure security. It is supported on many platforms, including iOS.
Configuration steps
Configuring a Point-to-Site VPN in Azure is very easy and only requires a few clicks. This guide will show you how to set up a Point-to-Site VPN using Azure PowerShell.
Before you begin, you will need the following:
1. An Azure account with an active subscription. If you don’t have an account, you can sign up for a free trial.
2. The Azure PowerShell module installed on your local machine. For more information on installing the module, see the Azure PowerShell docs.
3. A public DNS name for your VPN gateway. This can be any valid DNS name, such as “vpn-gw.contoso.com”.
4. A certificate for your VPN gateway. This can be either a self-signed certificate or one issued by a CA. For more information on creating a self-signed certificate, see Create Self-Signed Certificates in Azure PowerShell.
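One way to produce the self-signed certificate from prerequisite 4 on a Windows machine, as an added example (not code from this guide). It assumes the certificate is used for Azure certificate authentication of P2S clients, where the public part of a root certificate is uploaded to the gateway and each client presents a certificate signed by that root; the certificate, gateway and resource group names are placeholders.

```powershell
# Added example. P2SRootCert, P2SClientCert, rg-example and vnet-gw-example
# are placeholder names, not values from the article.
$store = 'Cert:\CurrentUser\My'

# 1. Self-signed root certificate. Key usage is limited to signing certificates.
$rootParams = @{
    Type              = 'Custom'
    Subject           = 'CN=P2SRootCert'
    KeySpec           = 'Signature'
    KeyUsage          = 'CertSign'
    KeyUsageProperty  = 'Sign'
    KeyExportPolicy   = 'Exportable'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(24)
    CertStoreLocation = $store
}
$root = New-SelfSignedCertificate @rootParams

# 2. Client certificate signed by that root. Extension 2.5.29.37 (EKU) restricts
#    it to Client Authentication (1.3.6.1.5.5.7.3.2).
$clientParams = @{
    Type              = 'Custom'
    Subject           = 'CN=P2SClientCert'
    DnsName           = 'P2SClientCert'
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(12)
    CertStoreLocation = $store
    Signer            = $root
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
$client = New-SelfSignedCertificate @clientParams

# 3. Check the chain before anything is uploaded.
if ($client.Issuer -ne $root.Subject) { throw 'Client certificate is not issued by the root.' }

# 4. Only the root's public certificate (Base64 of the DER bytes) goes to Azure.
$publicCertData = [Convert]::ToBase64String($root.RawData)

# 5. Upload to an existing gateway. Needs Connect-AzAccount first, so off by default.
$upload = $false
if ($upload) {
    Add-AzVpnClientRootCertificate -VpnClientRootCertificateName 'P2SRootCert' `
        -VirtualNetworkGatewayName 'vnet-gw-example' -ResourceGroupName 'rg-example' -PublicCertData $publicCertData
}
```

The root's private key never leaves the machine that issues client certificates; the gateway only receives `$publicCertData`.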
Azure Site-to-Site
Azure supports two types of site-to-site VPNs: Policy-based and Route-based. Policy-based VPNs use encryption and authentication policies for traffic security. Route-based VPNs, on the other hand, use Border Gateway Protocol (BGP) routes for traffic security. You can learn more about the differences between the two VPN types in this article.
Supported VPN types
Azure supports the three most common VPN protocols:
1. Point-to-Site (P2S): A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. P2S VPN connections are useful when you want to connect to your VNet from a remote location, such as from home or a conference. All traffic that passes through the P2S connection is encrypted and traffic from all applications on your computer is sent through the P2S VPN tunnel. Azure supports SSTP and IKEv2 point-to-site connections that use native Azure certificate authentication, or RADIUS authentication.
2. Site-to-Site (S2S): Site-to-Site (S2S) VPN gateway connections are used when you have many cloud resources or sites that you want to connect together using a single Virtual Network (VNet). You can also use an S2S VPN gateway to connect hybrid resources located on-premises with those located in Azure by using an ExpressRoute circuit or Public Peering. Azure supports policyBased and routeBased S2S VPN gateways that use IKEv2 with IPsec encryption, including Multi-Protocol Label Switching (MPLS). While policyBased gateways require static routes, routeBased gateways can work with dynamic routing protocols such as Border Gateway Protocol (BGP). You can also deploy DRA in your on-premises network for failover capabilities if one of your Internet connections goes down.
3. ExpressRoute: ExpressRoute lets you create private connections between Azure datacenters and infrastructure that’s on your premises or in a colocation environment. ExpressRoute connections don’t go over the public Internet, and they offer higher security, reliability and speeds with lower latencies than typical Internet connections.
Configuration steps
You can configure a site-to-site VPN in the Azure portal using the Resource Manager deployment model. The steps to configure a site-to-site VPN using the Resource Manager deployment model are:
1) Create a virtual network
2) Create an internal load balancer
3) Configure a gateway subnet
4) Create a local network gateway
5) Configure your VPN device
6) Create a connection
Azure Multi-Site
Azure Multi-Site allows you to create a secure connection between multiple on-premises sites and your Azure virtual network. This type of VPN is often used by businesses with multiple locations. Azure Multi-Site uses the same protocols as Azure Site-to-Site, so you can use either Policy-Based or Route-Based VPNs.
Supported VPN types
Azure supports two types of VPN gateway: PolicyBased and RouteBased. PolicyBased VPNs were the first type of gateway supported by Azure. RouteBased VPNs are also known as dynamic gateways. PolicyBased VPNs are supported only for the IKEv1 protocol. RouteBased VPNs are supported for both IKEv2 and SSL protocols.
Configuration steps
If you want to configure a multi-site VPN in Azure, you’ll need to take the following steps:
1. Create a resource group.
2. Create a virtual network gateway.
3. Create a Local Network Gateway.
4. Configure your VPN client.