Tuesday, September 14, 2021

Configuring a VPN Gateway

A VPN gateway connection relies on multiple resources that are configured with specific settings. Most of the resources can be configured separately, although some resources must be configured in a certain order.

Reference Microsoft Docs

Design

It's important to know that there are different configurations available for VPN gateway connections. You need to determine which configuration best fits your needs. For example, Point-to-Site, Site-to-Site, and coexisting ExpressRoute/Site-to-Site connections all have different instructions and configuration requirements. For information about design and to view connection topology diagrams, see Design.

Planning table

The following table can help you decide the best connectivity option for your solution.

|                         | Point-to-Site                                                | Site-to-Site                                                                                                   | ExpressRoute                                                                                                                                    |
|-------------------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
| Azure Supported Services | Cloud Services and Virtual Machines                         | Cloud Services and Virtual Machines                                                                            | Services list                                                                                                                                   |
| Typical Bandwidths      | Based on the gateway SKU                                     | Typically < 1 Gbps aggregate                                                                                   | 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps                                                                          |
| Protocols Supported     | Secure Sockets Tunneling Protocol (SSTP), OpenVPN and IPsec  | IPsec                                                                                                          | Direct connection over VLANs, NSP's VPN technologies (MPLS, VPLS, ...)                                                                          |
| Routing                 | RouteBased (dynamic)                                         | We support PolicyBased (static routing) and RouteBased (dynamic routing VPN)                                   | BGP                                                                                                                                             |
| Connection resiliency   | active-passive                                               | active-passive or active-active                                                                                | active-active                                                                                                                                   |
| Typical use case        | Secure access to Azure virtual networks for remote users     | Dev / test / lab scenarios and small to medium scale production workloads for cloud services and virtual machines | Access to all Azure services (validated list), Enterprise-class and mission critical workloads, Backup, Big Data, Azure as a DR site          |
| SLA                     | SLA                                                          | SLA                                                                                                            | SLA                                                                                                                                             |
| Pricing                 | Pricing                                                      | Pricing                                                                                                        | Pricing                                                                                                                                         |
| Technical Documentation | VPN Gateway Documentation                                    | VPN Gateway Documentation                                                                                      | ExpressRoute Documentation                                                                                                                      |
| FAQ                     | VPN Gateway FAQ                                              | VPN Gateway FAQ                                                                                                | ExpressRoute FAQ                                                                                                                                |

VPN Gateway, Peering in Azure!!

When I was studying for the AZ-303 exam, I found a lot of confusion about VNet peering, VNet gateway and subnet gateway, hence I thought to pen it down below.

What is VPN Gateway?

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. 

You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. 

Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

What is a virtual network gateway?

A virtual network gateway is composed of two or more VMs that are deployed to a specific subnet you create called the gateway subnet. 

Virtual network gateway VMs contain routing tables and run specific gateway services. These VMs are created when you create the virtual network gateway. You can't directly configure the VMs that are part of the virtual network gateway.

When you configure a virtual network gateway, you configure a setting that specifies the gateway type. The gateway type determines how the virtual network gateway will be used and the actions that the gateway takes. The gateway type 'Vpn' specifies that the type of virtual network gateway created is a 'VPN gateway'. This distinguishes it from an ExpressRoute gateway, which uses a different gateway type. A virtual network can have two virtual network gateways: one VPN gateway and one ExpressRoute gateway. For more information, see Gateway types.

Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU. 

When you create a virtual network gateway, gateway VMs are deployed to the gateway subnet and configured with the settings that you specify. 

After you create a VPN gateway, you can create an IPsec/IKE VPN tunnel connection between that VPN gateway and another VPN gateway (VNet-to-VNet), or create a cross-premises IPsec/IKE VPN tunnel connection between the VPN gateway and an on-premises VPN device (Site-to-Site).

You can also create a Point-to-Site VPN connection (VPN over OpenVPN, IKEv2, or SSTP), which lets you connect to your virtual network from a remote location, such as from a conference or from home.

VNet Peering vs VPN Gateway

You can also use VPN gateways to establish connectivity between VNets.

Components
  • VPN gateway within a special subnet called GatewaySubnet.
  • Public IP addressing for each VPN gateway to establish the connection.
  • IPsec/IKE site-to-site VPN tunnel that ensures all traffic is encrypted.
Which one to use?
  • VNet peering: Designed for VNet-to-VNet connectivity. Typically used for private low-latency interconnectivity.
  • VPN gateway: Designed for hybrid connectivity. Generally used where encryption and/or transitive routing is needed.
  • VNet Peering and VPN Gateways can also co-exist via gateway transit.
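The steps above (GatewaySubnet, public IP, gateway of type 'Vpn', then the IPsec/IKE connection) in the order they must be created, as an added Az PowerShell example that is not from the original post or Microsoft Docs. Resource group, region, names, address ranges, the VpnGw1/Standard public IP pairing and the pre-existing second gateway 'vpngw-spoke' are all assumptions.

```powershell
# Added example: build one VPN gateway and a VNet-to-VNet tunnel to an existing one.
$rg  = 'rg-vpn-demo'   # assumed resource group
$loc = 'westeurope'    # assumed region

# 1. VNet with the special subnet. The name 'GatewaySubnet' is mandatory;
#    a /27 leaves room for a coexisting ExpressRoute gateway in the same VNet.
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.10.255.0/27'
$vnet = New-AzVirtualNetwork -Name 'vnet-hub' -ResourceGroupName $rg -Location $loc `
    -AddressPrefix '10.10.0.0/16' -Subnet $gwSubnet

# 2. One public IP per VPN gateway (SKU/allocation pairing assumed for the SKU below).
$pip = New-AzPublicIpAddress -Name 'pip-vpngw-hub' -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Static -Sku Standard

# 3. Gateway IP configuration ties GatewaySubnet to the public IP.
$subnetId = (Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet).Id
$ipConf = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig' -SubnetId $subnetId `
    -PublicIpAddressId $pip.Id

# 4. The gateway itself: GatewayType 'Vpn' (not ExpressRoute) and RouteBased,
#    which VNet-to-VNet, IKEv2 and Point-to-Site all require. Expect 45+ minutes.
$gw1 = New-AzVirtualNetworkGateway -Name 'vpngw-hub' -ResourceGroupName $rg -Location $loc `
    -IpConfigurations $ipConf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

# 5. VNet-to-VNet: the peer gateway is assumed to exist already in another VNet.
$gw2 = Get-AzVirtualNetworkGateway -Name 'vpngw-spoke' -ResourceGroupName 'rg-spoke'

# Pre-shared key from a CSPRNG; both connection objects must carry the same value.
$keyBytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($keyBytes)
$psk = [Convert]::ToBase64String($keyBytes)

New-AzVirtualNetworkGatewayConnection -Name 'hub-to-spoke' -ResourceGroupName $rg -Location $loc `
    -VirtualNetworkGateway1 $gw1 -VirtualNetworkGateway2 $gw2 -ConnectionType Vnet2Vnet -SharedKey $psk
New-AzVirtualNetworkGatewayConnection -Name 'spoke-to-hub' -ResourceGroupName 'rg-spoke' `
    -Location $gw2.Location -VirtualNetworkGateway1 $gw2 -VirtualNetworkGateway2 $gw1 `
    -ConnectionType Vnet2Vnet -SharedKey $psk

# Check: ConnectionStatus becomes 'Connected' once IKE negotiation completes on both sides.
Get-AzVirtualNetworkGatewayConnection -Name 'hub-to-spoke' -ResourceGroupName $rg |
    Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```

Because all tunnels share one gateway's bandwidth (see above), watch the byte counters on each connection when sizing the SKU.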

Reference: Microsoft