What VPN Types Are Supported By Azure?

If you’re looking to set up a VPN on your Azure account, you’ll need to make sure you’re using one of the supported types. In this blog post, we’ll run through the different types of VPNs supported by Azure so that you can choose the right one for your needs.


Azure Point-to-Site

Point-to-Site (P2S) VPNs are the easiest way to set up an Azure VPN. You can use P2S VPNs to connect to an Azure virtual network from anywhere, whether it’s from home, a coffee shop, or an airport. You can also connect to a P2S VPN from a mobile device. There are three types of P2S VPNs: certificate-based, SSTP, and IKEv2.

Supported VPN types

Azure supports two types of Point-to-Site VPN connections: SSTP (Secure Socket Tunneling Protocol) and IKEv2. Both of these protocols are available natively on Windows 10. SSTP is also available on Windows Server 2012 R2, Windows 8.1, and Windows Server 2008 R2. IKEv2 is also available on OS X 10.11 and newer with the native Apple VPN client. OpenVPN and L2TP/IPsec are not supported as they do not use this IP address stack.

Configuration steps

There are two types of Point-to-Site connections that can be configured:

SSTP (Secure Socket Tunneling Protocol): Supported for Windows 8 and 10.
IKEv2 (Internet Key Exchange version 2): Supported for Windows 7, 8, and 10.
OpenVPN: Supported for Windows 7, 8, and 10; Mac OS X 10.10 and later; and Linux. DNS name resolution must be configured to allow the client to connect to the server by its DNS name rather than its IP address.
For more information about Point-to-Site VPN, including a list of supported client operating systems, see About Point-to-Site VPN.
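The certificate-based Point-to-Site setup described above, as an added Az PowerShell example that is not part of the original post. The resource group, gateway name, address pool, file path and thumbprint placeholder are assumptions; the gateway is assumed to already exist as a RouteBased VPN gateway, which is what Point-to-Site requires.

```powershell
# Added example (not from the original post): enable certificate-authenticated
# Point-to-Site on an existing RouteBased VPN gateway using Az PowerShell.
# Assumed placeholders: resource group, gateway name, address pool, cert path.
$rg  = "rg-vpn-demo"
$gwn = "vgw-demo"

# Root CA public certificate exported as Base64 (strip BEGIN/END lines if present).
$rootB64 = ((Get-Content -Path ".\P2SRootCert.cer") |
            Where-Object { $_ -notmatch "CERTIFICATE" }) -join ""
$rootCert = New-AzVpnClientRootCertificate -Name "P2SRootCert" -PublicCertData $rootB64

$gw = Get-AzVirtualNetworkGateway -Name $gwn -ResourceGroupName $rg

# The client pool must not overlap the VNet or any on-premises range.
# IKEv2 first; SSTP only as the fallback for older Windows clients.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
    -VpnClientAddressPool "172.16.201.0/24" `
    -VpnClientProtocol IkeV2, SSTP `
    -VpnAuthenticationType Certificate `
    -VpnClientRootCertificates $rootCert

# Revoke a lost or compromised client certificate by its thumbprint so the
# device can no longer authenticate even though the root CA is still trusted.
Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName "lost-laptop" `
    -VirtualNetworkGatewayName $gwn -ResourceGroupName $rg `
    -Thumbprint "<CLIENT_CERT_THUMBPRINT>"

# Generate the client configuration package and download it.
$pkg = New-AzVpnClientConfiguration -ResourceGroupName $rg -Name $gwn `
           -AuthenticationMethod "EapTls"
Invoke-WebRequest -Uri $pkg.VpnProfileSASUrl -OutFile ".\vpnclientconfiguration.zip"
```

Client certificates must chain to the uploaded root; keep the root's private key offline and issue client certificates per device so that revocation stays granular.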

Azure Site-to-Site

Azure supports three types of virtual private network (VPN) connectivity for connecting your on-premises network to an Azure virtual network: Point-to-Site, Site-to-Site, and VNet-to-VNet. This article covers the Site-to-Site type. With Site-to-Site, you can connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN gateway.

Supported VPN types

When configuring a Site-to-Site VPN connection using Azure Resource Manager, you have to specify the VPN type that’s used for the connection. The following VPN types are supported: PolicyBased, RouteBased, and Azure Gateway.

PolicyBased: Policy-based VPNs were the first type of site-to-site VPN connection supported by the Azure platform. With policy-based VPNs, traffic is filtered based on criteria specified in a security policy. All traffic that doesn’t match the policy is dropped.
RouteBased: Route-based VPNs are also known as dynamic gateway VPNs. A route-based VPN uses routing to send traffic between Azure and on-premises locations across an IPsec/IKE (IKEv2) virtual private network (VPN) tunnel. A route-based VPN gateway uses Border Gateway Protocol (BGP) to dynamically learn and maintain routes.
Azure Gateway: An Azure gateway is a resource that you can deploy to your subscription. After you deploy an Azure gateway, you create connections to it. You can use an Azure gateway as a PolicyBased or RouteBased VPN gateway or as an ExpressRoute gateway.

Configuration steps

There are three major steps in configuring a site-to-site VPN:

Configure your on-premises VPN device to connect to Azure.
Configure Azure virtual network gateway.
Configure your on-premises VPN device to allow traffic from Azure virtual network gateway.

For step-by-step instructions on how to configure a site-to-site VPN, see Configure a site-to-site VPN using the portal.
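The three-step Site-to-Site procedure above, and the RouteBased VPN type it relies on, as an added Az PowerShell example that is not part of the original post. Resource names, region, the on-premises public IP and address space are assumed placeholders; the VNet is assumed to already contain a GatewaySubnet.

```powershell
# Added example (not from the original post): create a RouteBased Site-to-Site
# connection with Az PowerShell. All names and addresses are assumed placeholders.
$rg  = "rg-vpn-demo"; $loc = "eastus"
$vnetName       = "vnet-hub"        # existing VNet with a GatewaySubnet
$onPremPublicIp = "203.0.113.10"    # on-premises VPN device (documentation range)
$onPremPrefixes = "10.10.0.0/16"    # address space behind that device

# Azure virtual network gateway: GatewayType Vpn, VpnType RouteBased (IKEv2).
$pip = New-AzPublicIpAddress -Name "pip-vgw" -ResourceGroupName $rg -Location $loc `
           -AllocationMethod Static -Sku Standard
$vnet     = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$ipconf   = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconf" `
                -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id
$gw = New-AzVirtualNetworkGateway -Name "vgw-demo" -ResourceGroupName $rg -Location $loc `
          -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

# The on-premises device as Azure sees it: its public IP and the prefixes it routes.
$lng = New-AzLocalNetworkGateway -Name "lng-branch1" -ResourceGroupName $rg -Location $loc `
           -GatewayIpAddress $onPremPublicIp -AddressPrefix $onPremPrefixes

# Pre-shared key: 32 random bytes, never a dictionary word; store it in Key Vault
# and configure the same value on the on-premises device.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = [Convert]::ToBase64String($bytes)

# Pin the IKE/IPsec cipher suite rather than accepting whatever both peers negotiate.
$policy = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup14 `
              -IpsecEncryption GCMAES256 -IpsecIntegrity GCMAES256 -PfsGroup PFS2048 `
              -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

New-AzVirtualNetworkGatewayConnection -Name "cn-branch1" -ResourceGroupName $rg `
    -Location $loc -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $psk -IpsecPolicies $policy

# Check: ConnectionStatus turns "Connected" once the on-premises device is configured
# with the matching key, proposals and the Azure gateway's public IP.
(Get-AzVirtualNetworkGatewayConnection -Name "cn-branch1" -ResourceGroupName $rg).ConnectionStatus
```

The on-premises device must be configured with the same key and the same IKE/IPsec proposals; a "NotConnected" status with no traffic is most often a proposal or key mismatch rather than an Azure-side fault.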

Azure Multi-Site

Azure Multi-Site is one of the VPN types supported by Azure. Azure Multi-Site allows you to connect multiple on-premises locations to a single Azure virtual network. This type of VPN is often used by organizations that have multiple branch offices.

Supported VPN types

Azure supports the following VPN types: Point-to-Site (P2S), Site-to-Site (S2S), VNet-to-VNet, and Azure VPN Gateway. P2S creates a secure connection from an individual computer to a VNet. S2S creates a secure connection from one VNet to another. VNet-to-VNet creates a secure connection between two VNets using a VPN gateway. Azure VPN Gateway connects your entire on-premises network to an Azure virtual network.

Configuration steps

Azure multi-site connections allow you to connect your on-premises network to Azure virtual networks (VNets) in multiple regions. By using a multi-site connection, you can build cross-region VNet-to-VNet connectivity or site-to-site connectivity between your on-premises network and VNets. You can also connect VNets to each other without needing a gateway, providing you with enhanced security and performance.

To create a multi-site connection, you need the following:

1. A supported VPN device that is configured for point-to-point tunneling protocol (PPTP), layer 2 tunneling protocol (L2TP) over IPsec, or secure sockets tunneling protocol (SSTP). For more information about compatible VPN devices, see About VPN Devices for Site-to-Site Connections.
2. A public DNS name for your VPN device. This can be obtained from your Internet service provider (ISP).
3. Static public IP addresses for your VPN device and any NAT devices in front of it. These static IP addresses must not be assigned to any other device on the Internet. If you do not have static public IP addresses, you can use a dynamic DNS service such as noip.com or dynu.com to map your dynamic IP address to a static hostname, which can then be used as the public DNS name for the VPN device. You will need one unique hostname for each WAN interface on your VPN device if it is configured for HA. For more information about high availability for Azure VPN Gateway, see About High Availability for Azure VPN Gateway.
4. Your on-premises network configuration, including the default gateway and any firewalls or routers that need to be configured.
5
