Azure VPN Gateway

Azure VPN Gateway is a service that can be used to send encrypted traffic between an Azure virtual network and on-premises locations over the public Internet.

You can also use VPN Gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.

Here are some of the key scenarios for VPN Gateway:

Site-to-site connection: A cross-premises IPsec/IKE VPN tunnel connection between the VPN gateway and an on-premises VPN device.

Diagram that shows site-to-site VPN gateway cross-premises connections.

Site-to-site connections can be used for cross-premises and hybrid configurations. A site-to-site connection requires a VPN device located on-premises that has a public IP address assigned to it.

VPN Gateway can be configured in active-standby mode using one public IP or in active-active mode using two public IPs.

The two modes differ as follows:

  1. Active-Standby Mode: It's like having a backup plan. You have one main route (the active tunnel) that your data travels through, and if there's a problem, like a roadblock, your data switches to the backup route (the standby tunnel). This helps to keep things running smoothly even if there are issues.

  2. Active-Active Mode: Here, both routes are open at the same time, like having two lanes on a highway instead of one. This setup not only provides redundancy like the first one but also lets you use both routes simultaneously, which can handle more traffic and make things faster.

Diagram of site-to-site VPN Gateway cross-premises connections with multiple sites.

Point-to-site VPN: A VPN connection over OpenVPN, IKEv2, or SSTP. This type of connection lets you connect to your virtual network from a remote location, such as from a conference or from home.

Diagram of point-to-site connection showing how to connect from a computer to an Azure VNet.
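The redundancy modes and point-to-site protocols described above can be checked against a gateway's exported configuration. The following is an added example, not code from the original page or from Microsoft: it assumes JSON shaped like `az network vnet-gateway show -o json` output (field names `activeActive`, `ipConfigurations`, `vpnClientConfiguration`), and the gateway names, resource IDs and function names are constructed for illustration.

```python
import json

# Constructed sample: two gateways shaped like `az network vnet-gateway show -o json`
# output. Field names are assumed to follow that output; resource IDs are placeholders.
SAMPLE = json.loads("""
[
  {"name": "gw-hub", "activeActive": true,
   "ipConfigurations": [{"publicIPAddress": {"id": "/placeholder/pip-hub-1"}}],
   "vpnClientConfiguration": null},
  {"name": "gw-remote", "activeActive": false,
   "ipConfigurations": [{"publicIPAddress": {"id": "/placeholder/pip-remote-1"}}],
   "vpnClientConfiguration": {"vpnClientProtocols": ["OpenVPN", "IkeV2"]}}
]
""")

# Point-to-site tunnel types named on this page, lower-cased for comparison.
P2S_PROTOCOLS = {"openvpn", "ikev2", "sstp"}


def review_gateway(gw):
    """Summarise one gateway's redundancy mode and point-to-site protocols."""
    mode = "active-active" if gw.get("activeActive") else "active-standby"
    # Page: active-standby uses one public IP, active-active uses two.
    required = 2 if mode == "active-active" else 1
    # Count distinct public IPs actually attached to the gateway.
    ips = {
        cfg["publicIPAddress"]["id"]
        for cfg in gw.get("ipConfigurations") or []
        if cfg.get("publicIPAddress")
    }
    findings = []
    if len(ips) < required:
        findings.append(f"{mode} needs {required} public IP(s), found {len(ips)}")
    client = gw.get("vpnClientConfiguration") or {}
    protocols = client.get("vpnClientProtocols") or []
    for proto in protocols:
        if proto.lower() not in P2S_PROTOCOLS:
            findings.append(f"unexpected point-to-site protocol: {proto}")
    return {"name": gw.get("name"), "mode": mode, "public_ips": len(ips),
            "p2s_protocols": protocols, "findings": findings}


def review_all(gateways):
    """Review every gateway in an exported list."""
    return [review_gateway(gw) for gw in gateways]


if __name__ == "__main__":
    for report in review_all(SAMPLE):
        print(json.dumps(report))
```

The first constructed gateway is flagged because it declares active-active mode with only one public IP attached, so the second tunnel endpoint the mode relies on is missing.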