If you’re looking to set up a VPN on your Azure account, you’ll need to know which types are supported. In this blog post, we’ll go over the different VPN types that can be used with Azure.
Introduction
Microsoft Azure supports different types of VPN tunnels. Site-to-Site connections can be used to create a hybrid solution, or whenever you need secure communications between your on-premises networks and your virtual networks. Point-to-Site VPNs are used when you have members of your team who need to connect to your Azure VMs, either from the office or while they are travelling. This type of connection does not require a VPN device.
What is Azure?
Azure is Microsoft’s cloud computing platform. It provides a variety of services, including compute, storage, networking, and analytics. Azure also supports a number of different VPN types to allow you to connect your on-premises networks with your Azure resources. The VPN types that are supported by Azure are:
-Point-to-Site (P2S)
-Site-to-Site (S2S)
-ExpressRoute
P2S connections are typically used to connect an individual computer or device to an Azure virtual network. P2S connections do not require a VPN gateway appliance. S2S connections are typically used to connect an on-premises network with an Azure virtual network. S2S connections require a VPN gateway appliance. ExpressRoute connections are used to connect an on-premises network with an Azure virtual network using a private connection that bypasses the public internet.
What is a VPN?
A VPN, or Virtual Private Network, is a technology that allows you to create a secure connection over a less-secure network between your computer and the internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.
There are three main types of VPNs: remote-access, intranet-based, and extranet-based.
Remote-access VPNs allow users to connect to a private network from anywhere in the world. This type of VPN is often used by telecommuters and traveling businesspeople who need to stay connected to their company’s private network.
Intranet-based VPNs are used by businesses to connect branches or remote offices to each other over the internet. An intranet-based VPN uses dedicated connections, usually implemented with specialised hardware such as T1 lines or ISDN circuits, through a service provider.
Extranet-based VPNs connect two or more business networks, such as two branch offices of the same company or a company and its business partner. An extranet-based VPN extends an organization’s internal network by adding an external link between networks. This type of VPN usually uses IPsec or MPLS protocols.
What are the different types of VPNs?
The Azure VPN gateway supports the following VPN types:
– Point-to-Site (VPN over IKEv2 or SSTP)
– Site-to-Site (VPN over IKEv2, IPsec, or SSTP)
– VNet-to-VNet
– ExpressRoute
Point-to-Site (VPN over IKEv2 or SSTP)
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual private network (VPN) so that you can connect to your VNet from an individual computer. P2S is available for the Resource Manager deployment model only.
To use P2S, you must have a public IP address assigned to your computer and a client certificate installed on it. This is the same type of certificate that is used with an SSL certificate. The client certificate must have Client Authentication as one of the extended key usages in the certificate; this will be true for self-signed certificates and for certificates issued from a root authority. If you are using a certificate that was not issued by a root authority, you will also need to install the issuing CA certificate on the client computer. For more information about generating self-signed certificates, see Create Certificates for Point-to-Site Connections. If you are using Azure Active Directory authentication with your P2S connection, then Azure AD authentication can be used instead of client certificates.
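Example code added here, not from the original post: it builds a constructed root CA and two client certificates with openssl, then applies the two checks the paragraph describes (the Client Authentication extended key usage, and a chain back to a CA the client has installed). Certificate names such as P2SRootCert are hypothetical, and the openssl command line tool is assumed to be present.

```shell
#!/bin/sh
# Added example, not code from the original post: build a self-signed root
# and a client certificate with the properties a P2S client needs, then
# check them with openssl. Certificate names are hypothetical.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Self-signed root CA. CA:TRUE and keyCertSign let it issue client certs.
cat > root.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca
prompt = no
[dn]
CN = P2SRootCert
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -config root.cnf \
  -keyout root.key -out root.crt 2>/dev/null

# Issue a leaf certificate from the root; $2 is its extendedKeyUsage value.
issue_client() {
  printf 'basicConstraints = CA:FALSE\nkeyUsage = digitalSignature\nextendedKeyUsage = %s\n' "$2" > "$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -config root.cnf -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA root.crt -CAkey root.key -CAcreateserial \
    -days 365 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}
issue_client good clientAuth   # what P2S requires
issue_client bad serverAuth    # chains fine, but the wrong EKU for a VPN client

# Check 1: EKU must list TLS Web Client Authentication (OID 1.3.6.1.5.5.7.3.2).
has_client_auth_eku() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Extended Key Usage' | grep -q 'TLS Web Client Authentication'
}
# Check 2: the certificate must chain to a CA the client has installed ($2).
chains_to() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

has_client_auth_eku good.crt && chains_to good.crt root.crt && echo "good.crt: usable for P2S"
has_client_auth_eku bad.crt || echo "bad.crt: lacks the Client Authentication EKU"
```

The second certificate shows why the chain check alone is not enough: it validates against the same root but would still be rejected for P2S because its extended key usage is wrong.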
Site-to-Site (VPN over IKEv2, IPsec, or SSTP)
A Site-to-Site (S2S) VPN gateway connection is a connection over IPsec or Secure Socket Tunneling Protocol (SSTP). An S2S connection requires a VPN device located at each site. Azure supports both policy-based and route-based VPNs. Policy-based VPNs use Internet Security Association and Key Management Protocol (ISAKMP) Phase 1 and Phase 2 policies, whereas route-based VPNs use the BGP routing protocol for dynamic routing.
Both VyOS and pfSense firewalls support policy-based Azure site-to-site IPsec v1 and v2.
To learn more about pfSense configurations, please refer to the documentation below:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipsec_site_to_site_configuration.html
To learn more about VyOS configurations, please refer to the documentation below:
https://help.vyos.io/en/stable/routing/ipsec_site_to_site_tunneling_gre.html
Both Cisco ASA and Juniper SRX firewalls support route-based Azure site-to-site IPsec v1 only.
The following documentation can help with understanding Cisco ASA configurations for an Azure route-based VPN:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa98updates4and5/asa985/configuration/general/confg_guide/gateway.html#wp1047625
The following documentation can help with understanding Juniper SRX configurations for an Azure route-based VPN:
https://kb.juniper.net/InfoCenter/en_US/index?page=content&id=KB17252
What are the benefits of using a VPN?
There are many benefits of using a VPN, including increased security and privacy, better performance, and greater flexibility. VPNs can provide these benefits by encrypting your traffic and routing it through a secure tunnel. This tunnel prevents anyone from eavesdropping on your traffic or snooping on your activities. Additionally, VPNs can improve your performance by bypassing internet filters and restrictions, and they can provide you with greater flexibility by allowing you to access blocked content or geo-restricted websites.
How to set up a VPN on Azure
VPN Gateway supports the following VPN types:
-Point-to-Site (P2S) VPNs
-Site-to-Site (S2S) VPNs
P2S VPNs are used to connect individual clients, such as laptops and desktops, to an Azure VNet. P2S is a very common deployment model when you need secure access to on-premises resources over the Internet. You can use native Azure networking to connect your P2S VPN clients to Site-to-Site (S2S) VPNs, ExpressRoute circuits, or virtual hub gateways in your Azure Virtual Network (VNet).
S2S VPNs are used to connect an on-premises network or another VNet with an Azure VNet. S2S connections can be deployed using a Resource Manager template or the deprecated Classic deployment model. You can also use S2S connections with virtual hub gateways in your Azure VNet.
Conclusion
Azure supports several types of VPNs. You can choose from Point-to-Site, Site-to-Site, or Hybrid VPNs, depending on your needs. Point-to-Site is best for small networks or remote workers, while Site-to-Site is best for large businesses or organizations with multiple locations. Hybrid VPNs are a combination of the two, and offer the best of both worlds.