It allows enterprises to link their on-premises infrastructure or individual devices to the Azure virtual network through a secure connection. Not only does it ensure security and prevent unauthorized access, but it also ensures compliance with industry regulations.
Let’s discuss all the VPN types Azure supports: P2S (Point-to-Site), S2S (Site-to-Site), which also lets you build Multi-Site connections, and ExpressRoute.
VPN Types That Azure Supports
Azure currently supports three VPN types: P2S (Point-to-Site), S2S (Site-to-Site), and ExpressRoute.
Each type of VPN connection or virtual network gateway is designed to send encrypted traffic between different locations, whether it’s between an Azure network and an on-premises network or between multiple Azure virtual networks over the Microsoft network.
Azure supports multiple types of virtual network gateways to help businesses choose the best solution for their specific needs.
Here’s a closer look at each type of VPN you can use with Azure VPN gateways.
Azure P2S (Point-to-Site) VPN
A Point-to-Site VPN is a type of VPN connection that allows you to connect to an Azure virtual network from a remote location, such as a home office or a remote work site. You can set it up using the Azure VPN gateway and the native VPN client on your Windows PC.
You won’t need to install any additional software for P2S VPN to work. You can also connect to Azure from anywhere worldwide because it uses SSTP (Secure Socket Tunneling Protocol), which passes through almost all firewalls.
P2S VPN comes in handy in a wide range of scenarios, such as:
- Allowing remote workers to access company resources securely from anywhere with an Internet connection.
- Providing secure access to Azure resources for development and testing.
- Enabling access to Azure resources for third-party vendors or partners.
Besides SSTP, Point-to-Site VPN also supports the following VPN protocols.
IKEv2 (Internet Key Exchange version 2) is a standards-based VPN protocol that establishes a secure connection between two devices. It’s commonly used in IPsec VPN solutions and operates on outbound UDP ports 4500 and 500 and IP protocol number 50.
The IKEv2 protocol is known for its stability and reliability and is often considered more secure than other VPN protocols, such as PPTP and L2TP. However, it doesn’t pass through some firewalls and proxies.
OpenVPN is an open-source VPN protocol that uses the SSL/TLS protocol to establish a secure connection between devices. It is known for its flexibility and easily passes through most firewalls and proxies. It uses the outbound TCP port 443.
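Because the three P2S protocols need different outbound flows, a client network’s egress firewall decides which ones can actually connect. The following is an added example (not code from the article or from Microsoft) that encodes the flows stated above (TCP 443 for SSTP and OpenVPN; UDP 500, UDP 4500 and IP protocol 50 for IKEv2) and evaluates them against a constructed egress policy, so an administrator can see in advance which protocols to enable on the gateway and which will be blocked.

```python
"""Which Azure P2S protocols can leave a client network, given its egress policy?
Added example; port facts follow the article, the policy format is assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp", "udp", or "ip" (a raw IP protocol number such as ESP)
    num: int     # destination port, or the IP protocol number when proto == "ip"


# Outbound flows each P2S protocol needs, as described in the article.
P2S_REQUIREMENTS = {
    "SSTP": [Flow("tcp", 443)],
    "OpenVPN": [Flow("tcp", 443)],
    "IKEv2": [Flow("udp", 500), Flow("udp", 4500), Flow("ip", 50)],
}


@dataclass(frozen=True)
class EgressRule:
    """One allow rule of a simplified egress policy (assumed format)."""
    proto: str
    lo: int
    hi: int

    def permits(self, flow: Flow) -> bool:
        return flow.proto == self.proto and self.lo <= flow.num <= self.hi


def blocked_flows(rules):
    """Map protocol name -> list of required flows no rule permits (empty = usable)."""
    return {
        name: [f for f in flows if not any(r.permits(f) for r in rules)]
        for name, flows in P2S_REQUIREMENTS.items()
    }


def usable_protocols(rules):
    """Sorted names of P2S protocols whose every required flow is allowed."""
    return sorted(name for name, missing in blocked_flows(rules).items() if not missing)


# Constructed sample policies: a web-only proxy environment, and one opened for IPsec.
WEB_ONLY = [EgressRule("tcp", 80, 80), EgressRule("tcp", 443, 443)]
IPSEC_FRIENDLY = WEB_ONLY + [
    EgressRule("udp", 500, 500), EgressRule("udp", 4500, 4500), EgressRule("ip", 50, 50),
]

if __name__ == "__main__":
    for label, policy in (("web-only", WEB_ONLY), ("ipsec-friendly", IPSEC_FRIENDLY)):
        print(label, usable_protocols(policy), blocked_flows(policy)["IKEv2"])
```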
Azure S2S (Site-to-Site) VPN
A Site-to-Site VPN in Azure securely connects an on-premises network to Azure. It uses the IPsec/IKE VPN protocol, which is widely adopted and compatible with most VPN hardware.
Before configuring a Site-to-Site VPN connection, it is important to ensure that the following are ready:
- A compatible VPN device and someone who knows how to configure the VPN on it
- An external-facing public IPv4 address for the device
- Adequate on-premises bandwidth (more than 10 Mbps)
A Multi-Site VPN is a subtype of Site-to-Site. As the name implies, it allows multiple on-premises sites, rather than just one, to connect to a single Azure network. The prerequisites for this type of connection are similar to those for S2S (Site-to-Site). This creates a unified network across all locations, enabling secure communication and resource access for every connected site.
The last type of VPN that Azure supports is known as ExpressRoute. It allows you to create a direct connection between the Azure network and your WAN (Wide Area Network) instead of VPN connections made through the public internet.
This type of connection offers better speed, reliability, and security compared to a regular internet connection.
Along with these benefits, ExpressRoute also offers several distinct features, including the following:
- ExpressRoute VPN has the built-in capability to connect to Microsoft cloud services, such as MS Office 365 and Microsoft Azure
- It provides multiple bandwidth options to choose from, such as 2 Gbps, 1 Gbps, 500 Mbps, 200 Mbps, 100 Mbps, and 50 Mbps
- It offers ExpressRoute Direct, allowing you to connect directly to the Microsoft global network. It also provides 10 Gbps or 100 Gbps connectivity
- You’ll also have access to multiple data plans, including the Metered data plan and Unlimited data plan
Advantages of Using VPN in Azure
A VPN in Azure acts as a virtual network gateway and allows you to send/receive data between your on-premises location and Azure virtual network in an encrypted form. It protects your sensitive organizational data from hackers and other malicious actors.
Here’s a list of the benefits of using a VPN in Azure.
Secure Remote Access
A VPN allows remote users to securely connect to an Azure virtual network and access resources as if they were on the same local network. This can be especially useful for employees who need to access company resources while working remotely.
ExpressRoute is a VPN that provides a dedicated, private connection to Azure. It works best for applications that require high-speed connections and low latency.
Compliance and Security
VPNs encrypt the data in transit, which can help protect sensitive data and comply with industry regulations such as HIPAA, PCI-DSS, and others.
Connect On-Premises Networks to Azure
A Site-to-Site (S2S)/Multi-Site VPN lets you connect your on-premises network(s) to Azure so that resources in both environments can communicate with each other securely. In addition, it’s also possible to create your own VPN routers or deploy your own VPN servers or gateways in Azure.
While all the VPN types that Azure supports can connect you to the platform, each has strengths and weaknesses you must understand; knowing them will help you choose the best solution for your requirements.
Generally, using the Point-to-Site VPN will be the best option if your company has remote employees. But if your organization has an on-premises network, Site-to-Site will suit you better (if multiple on-premises networks, then Multi-Site).
Lastly, if you want to create a direct connection from your WAN to Azure, ExpressRoute will be your best option.