Azure VPN Gateway

Azure VPN Gateway provides encrypted, cross-premises connectivity between your Azure virtual networks and on-premises infrastructure over the public internet. It is the primary service for extending your on-premises network into Azure using industry-standard IPsec/IKE VPN tunnels.

What Is a VPN Gateway?

A VPN Gateway is a specific type of virtual network gateway deployed into a dedicated GatewaySubnet in your VNet. It establishes encrypted tunnels using IPsec/IKE protocols, allowing secure communication between:

On-premises networks and Azure (Site-to-Site)
Individual devices and Azure (Point-to-Site)
Two Azure VNets (VNet-to-VNet)

Connection Types

Site-to-Site (S2S)

Connects an on-premises network to an Azure VNet over an IPsec/IKE tunnel. Requires a VPN device or software gateway on the on-premises side.

On-premises network <--IPsec tunnel--> Azure VPN Gateway <--> Azure VNet

Supports IKEv1 and IKEv2
Requires a public IP on the on-premises VPN device
Ideal for hybrid cloud scenarios

Point-to-Site (P2S)

Connects individual client devices (laptops, workstations) to an Azure VNet. No on-premises VPN device needed.

Remote user (laptop) <--VPN tunnel--> Azure VPN Gateway <--> Azure VNet

Supported protocols:

Azure VPN Gateway

Azure VPN Gateway

What Is a VPN Gateway?

Connection Types

Site-to-Site (S2S)

Point-to-Site (P2S)

More in Cloud