A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet
Each virtual network can have only one VPN gateway (but you can create multiple connections to the same VPN gateway)
Site-to-Site VPN connection (connecting an on-premises network to an Azure vNet)
Point-to-Site VPN connection
Important points
Public IP address for GatewaySubnet
VPN Gateway requires a public IP address
Assignment for that public IP address must be: Dynamic
If you want to create the public IP address for GatewaySubnet in advance, create a Basic, Dynamic public IP address (you can also add the public IP address during VPN Gateway creation)
No NSG for VPN Gateway
When working with gateway subnets, avoid associating a network security group (NSG) to the gateway subnet
Associating a network security group to this subnet may cause your virtual network gateway (VPN, ExpressRoute gateway) to stop functioning as expected
GatewaySubnet
A vNet can only have one GatewaySubnet
vNet > settings: Subnets > initially ‘+ Gateway Subnet’ will be active
Once a GatewaySubnet is added, ‘+ Gateway Subnet’ will be disabled (because one vNet can only have one GatewaySubnet)
Deploying the vNet gateway takes some time, i.e. 30+ minutes
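The points above can be checked before the 30+ minute deployment by auditing exported configuration. This is an added example, not part of the original notes: it flags a missing GatewaySubnet, an NSG associated with the GatewaySubnet, and a public IP that is not Basic/Dynamic as these notes require. The JSON key names are assumed to follow the output of `az network vnet show` and `az network public-ip show`, and the sample data is constructed.

```python
import json

# Constructed sample data. Key names are assumed to follow the JSON printed by
# `az network vnet show` and `az network public-ip show`.
SAMPLE_VNET = json.loads("""
{"name": "vnet-demo", "subnets": [
  {"name": "default", "networkSecurityGroup": {"id": "nsg-app (placeholder id)"}},
  {"name": "GatewaySubnet", "networkSecurityGroup": {"id": "nsg-gw (placeholder id)"}}
]}
""")
SAMPLE_PIP = {"name": "pip-vpngw", "sku": {"name": "Standard"},
              "publicIPAllocationMethod": "Static"}


def _get(obj, key):
    """Case-insensitive key lookup, since key casing can differ between exports."""
    for k, v in (obj or {}).items():
        if k.lower() == key.lower():
            return v
    return None


def audit_gateway(vnet, public_ip=None):
    """Return findings for the GatewaySubnet and public IP rules noted above."""
    findings = []
    gw = [s for s in (_get(vnet, "subnets") or [])
          if (_get(s, "name") or "").lower() == "gatewaysubnet"]
    if not gw:
        findings.append("vNet has no GatewaySubnet")
    for subnet in gw:
        nsg = _get(subnet, "networkSecurityGroup")
        if nsg:  # an NSG here may stop the gateway from functioning as expected
            findings.append("NSG on GatewaySubnet: " + str(_get(nsg, "id")))
    if public_ip is not None:
        method = _get(public_ip, "publicIPAllocationMethod")
        sku = _get(_get(public_ip, "sku"), "name")
        if method != "Dynamic":
            findings.append(f"public IP assignment is {method}, expected Dynamic")
        if sku != "Basic":
            findings.append(f"public IP SKU is {sku}, expected Basic")
    return findings


if __name__ == "__main__":
    for finding in audit_gateway(SAMPLE_VNET, SAMPLE_PIP):
        print("FINDING:", finding)
```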
Creating VPN Gateway
Create public IP address (will be assigned to VPN Gateway)