What is VPN Gateway?

• A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet
• Each virtual network can have only one VPN gateway (can create multiple connections to the same VPN gateway)
• Details: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

Usage

• Site-to-Site VPN connection (connecting on-premise network to Azure vNet)
• Point-to-Site VPN connection

Important points

VPN Gateway currently only supports Dynamic Public IP address allocation. You cannot request a Static Public IP address assignment. However, this does not mean that the IP address will change after it has been assigned to your VPN gateway. The only time the Public IP address changes is when the gateway is deleted and re-created.

• Public IP address for GatewaySubnet
  • VPN Gateway requires a public IP address
  • Assignment for that public IP address: Dynamic (only supports Dynamic Public IP address allocation for now, as discussed above)
  • If you want create public IP address for GatewaySubnet in advance, create a Basic, Dynamic public IP address (you can also add public IP address during VPN Gateway creation)
• No NSG for VPN Gateway
  • When working with gateway subnets, avoid associating a network security group (NSG) to the gateway subnet
  • Associating a network security group to this subnet may cause your Virtual Network gateway(VPN, Express Route gateway) to stop functioning as expected
• GatewaySubnet
  • a vNet can only have one GatewaySubnet
  • vNet > settings: Subnets > initially ‘+ Gateway Subnet’ will be active
  • Once a GatewaySubnet is added, ‘+ Gateway Subnet’ will be disabled (because one vNet can only have one GatewaySubnet)
• It will take some time i.e. 30+ minutes to deploy vNet gateway

Creating VPN Gateway

• Create public IP address (will be assigned to VPN Gateway)
  • SKU: Basic
  • Assignment: Dynamic
  • Other settings
• Create Virtual Network
• vNet > Settings: Subnet > Click ‘+ Gateway Subnet’
  • Gateway subnet can be added from here only
  • Address space: 10.1.1.0/26 (example)
  • Once a GatewaySubnet is added, ‘+ Gateway Subnet’ will be disabled (because one vNet can have only one GatewaySubnet)
• Create VPN Gateway
  • https://portal.azure.com/#create/Microsoft.VirtualNetworkGateway
  • Fillup settings
  • Create
• https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-create-gateway-portal

Next

• Site to site vpn connection
• Point to site vpn connection

Links

• VPN Gateway settings: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings
• https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal