What VPN Types Are Supported By Azure?

Azure VPN Gateway supports four connection types: Point-to-Site (P2S), Site-to-Site (S2S), VNet-to-VNet, and Multi-Site. S2S and Multi-Site connect one or more on-premises networks to an Azure virtual network, VNet-to-VNet connects two Azure virtual networks to each other, and P2S connects individual client computers to a virtual network. All four terminate on a virtual network gateway deployed in the VNet.


Azure Point-to-Site

Azure Point-to-Site (P2S) creates an encrypted connection to an Azure virtual network from an individual computer. It is the connection type most commonly used by remote workers who need to reach resources on a private network from home or while travelling. A P2S connection uses one of three tunnel protocols: OpenVPN (TLS-based, reaches the gateway over TCP 443 and therefore passes most outbound firewalls), SSTP (Microsoft's TLS-based protocol, also TCP 443, Windows clients only), and IKEv2 (standards-based IPsec over UDP 500 and 4500). A gateway can offer OpenVPN and IKEv2, or SSTP and IKEv2, at the same time.

Introduction

Azure offers three VPN connection types for reaching a virtual network from outside Azure: Point-to-Site (P2S), Site-to-Site (S2S), and Multi-Site (VNet-to-VNet is the fourth type, used between two Azure virtual networks). All of them terminate on a virtual network gateway in Azure, so a gateway is always required; what differs is what sits on the other end. P2S is the simplest because it needs no on-premises VPN device, only a client and a certificate or directory sign-in. S2S needs a VPN device with a public IP address at your site, which adds hardware, cost and configuration work. Multi-Site is S2S with several on-premises sites connected to the same gateway. Choose based on who needs to connect (individual users or whole networks) and how many sites there are.

P2S creates an encrypted tunnel between a single computer and the virtual network gateway in Azure; from the gateway the client reaches the VMs and services in the VNet. Developers and administrators often use it to reach an Azure virtual machine (VM) without exposing RDP or SSH on a public IP address. P2S still needs a virtual network gateway, but no on-premises VPN device, which makes it simpler to set up than S2S.

With S2S, a VPN device (the on-premises gateway) sits at your site. It establishes an IPsec/IKE (IKEv1 or IKEv2) tunnel with the Azure virtual network gateway, and all traffic between your on-premises network and the resources in the virtual network traverses that tunnel. The two gateways authenticate each other with a pre-shared key that is configured on both ends.

Multi-Site creates two or more S2S connections from a single Azure virtual network gateway to different on-premises sites. Each connection is a separate IPsec/IKE (IKEv1 or IKEv2) tunnel with its own pre-shared key and, optionally, its own IPsec/IKE policy, so a leaked key or a misconfigured device at one site affects only that site's tunnel. Multi-Site requires a route-based gateway; a policy-based gateway supports only one S2S connection. Multiple connections can also provide redundancy, for example two tunnels to two VPN devices at the same site.

Configuration

To connect to a VNet using Point-to-Site with certificate authentication, you need the following:

An Azure account with an active subscription. If you don't have an account, you can create a free account.
A virtual network with a route-based virtual network gateway that has a Point-to-Site configuration (a client address pool and at least one tunnel type). For more information, see Configure a Point-to-Site connection to a VNet using the Azure portal.
The public key of a root certificate, uploaded to the gateway in Azure as Base64-encoded DER (the contents of a .cer export). The root's private key stays with you and is used only to issue client certificates; Azure never needs it.
A client certificate issued by that root, installed together with its private key (usually as a password-protected .pfx file) on each client computer that will connect. The gateway accepts any client certificate that chains to an uploaded root, so when a device is lost or retired, add its certificate thumbprint to the gateway's revoked list.

Authentication

When you create a Point-to-Site configuration, you specify the address range for the VPN client address pool (it must not overlap the virtual network or any on-premises range the gateway routes to) and the authentication type. Azure supports three authentication types for Point-to-Site:
-Azure certificate: each client presents a certificate that chains to a root certificate you uploaded to the gateway. The client profile is generated with the EAP-TLS authentication method, and this type works with all three tunnel protocols (IKEv2, SSTP, OpenVPN).
-RADIUS: the gateway forwards authentication to a RADIUS server you operate, which can in turn use Active Directory, certificates or MFA.
-Microsoft Entra ID (formerly Azure AD): users sign in with their directory identity and Conditional Access applies; this is available only with the OpenVPN tunnel protocol.
With certificate authentication, the client certificates come either from your enterprise Public Key Infrastructure (PKI) or from a self-signed root you generate yourself. The .pfx (Personal Information Exchange) format is simply how a client certificate and its private key are packaged for installation; it is not a separate kind of certificate. OpenVPN is a tunnel protocol, not an authentication method; it is the protocol that supports Entra ID sign-in.
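The following is an added example, not part of the original article, that carries the certificate workflow above through in Azure PowerShell (Az.Network module) on Windows, where New-SelfSignedCertificate from the PKI module is available. The resource group rg-vpn, the gateway gw-hub, the certificate subjects and the client address pool are assumed values; the gateway is assumed to exist already as a route-based gateway.

```powershell
# Added example, not part of the original article. Assumed names: resource group rg-vpn,
# route-based gateway gw-hub (already deployed), certificate subjects, and the client pool.
# Requires the Az.Network module and Windows (New-SelfSignedCertificate from the PKI module).
$rg     = 'rg-vpn'
$gwName = 'gw-hub'

# 1. Self-signed root. KeyUsage CertSign lets it issue client certificates; its private key
#    never leaves this machine and is never uploaded to Azure.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. One client certificate per user or device, issued by the root.
#    2.5.29.37 is the Extended Key Usage extension; 1.3.6.1.5.5.7.3.2 is Client Authentication.
$client = New-SelfSignedCertificate -Type Custom -DnsName 'P2SChildCert' -KeySpec Signature `
    -Subject 'CN=P2SChildCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# 3. Public root data for Azure: Base64 of the DER certificate (the same bytes a .cer export holds).
$certType       = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$rootPublicData = [Convert]::ToBase64String($root.Export($certType))

# 4. Package the client certificate WITH its private key as a password-protected .pfx
#    for installation on the client computer.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for P2SChildCert.pfx'
Export-PfxCertificate -Cert $client -FilePath '.\P2SChildCert.pfx' -Password $pfxPassword | Out-Null

# 5. Point-to-Site configuration on the gateway: client address pool (must not overlap the VNet
#    or any on-premises prefix), tunnel protocols, certificate authentication, trusted root.
$gw       = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName
$rootCert = New-AzVpnClientRootCertificate -Name 'P2SRootCert' -PublicCertData $rootPublicData
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
    -VpnClientAddressPool '172.16.201.0/24' `
    -VpnClientProtocol OpenVPN, IkeV2 `
    -VpnAuthenticationType Certificate `
    -VpnClientRootCertificates $rootCert | Out-Null

# 6. Generate and download the client profile package (gateway address and server trust only;
#    the client certificate is installed separately from the .pfx).
$profile = New-AzVpnClientConfiguration -ResourceGroupName $rg -Name $gwName -AuthenticationMethod EapTls
Invoke-WebRequest -Uri $profile.VpnProfileSASUrl -OutFile '.\vpnclientconfiguration.zip'

# 7. Revocation is by client thumbprint, not by replacing the root. This call blocks the
#    certificate issued above, standing in for a lost device; in practice pass that device's thumbprint.
Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName 'LostLaptop' `
    -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg -Thumbprint $client.Thumbprint | Out-Null
```

Two points matter for security here: only the root's public data ever reaches Azure, so a compromise of the gateway configuration cannot yield a signing key, and because the gateway trusts every certificate that chains to the root, the revoked-thumbprint list is the only way to cut off a single client short of rotating the root and reissuing every client certificate.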

Azure Site-to-Site

Azure offers three ways to connect an on-premises network to a virtual network: Site-to-Site and Point-to-Site VPNs, and ExpressRoute, which is a private circuit rather than a VPN. Site-to-Site VPNs connect an on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) tunnel. They are most commonly used by organizations with one or a few on-premises locations that want to connect them to their Azure virtual network without paying for a dedicated circuit.

Introduction

Azure Site-to-Site VPN lets you connect one or several on-premises locations to your Azure VNet using your existing VPN equipment, and it supports both policy-based and route-based gateways. The choice matters: a policy-based gateway uses IKEv1 with static traffic selectors, supports a single S2S connection and no P2S, and is available only on the Basic SKU; a route-based gateway uses IKEv2 with any-to-any traffic selectors and is required for Multi-Site, VNet-to-VNet, P2S and custom IPsec/IKE policies (on SKUs above Basic). Use route-based unless a legacy device forces policy-based.

Configuration

Three connection types are available for connecting an on-premises network to Azure: Point-to-Site (P2S), Site-to-Site (S2S), and ExpressRoute. They can be combined on a route-based gateway, for example S2S as a backup path for an ExpressRoute circuit, or P2S for individual users alongside S2S for the office network.

Point-to-Site (P2S): P2S creates an encrypted connection to an Azure virtual network from individual client computers. It is the convenient option for a small number of users because it requires no on-premises VPN device or public IP address, only the gateway in Azure and a client certificate or directory sign-in on each computer.

Site-to-Site (S2S): S2S uses IPsec/IKE to connect your on-premises network to an Azure virtual network across the public Internet, extending your network into Azure. An S2S connection requires a VPN device at your premises that is reachable at a public IPv4 address; that address is what you enter as the local network gateway address in Azure. Azure VPN gateways support NAT traversal (NAT-T), so the device may sit behind a NAT as long as UDP ports 500 and 4500 are forwarded to it. The tunnel is authenticated with a pre-shared key, so generate the key randomly and exchange it out of band rather than by e-mail.

ExpressRoute: ExpressRoute bypasses the public Internet and connects your on-premises network to Microsoft's network over a dedicated circuit from a connectivity provider, delivered as a point-to-point Ethernet connection, a cross-connect at a colocation exchange, or an any-to-any (IP VPN/MPLS) network. Circuits are sold in fixed bandwidth tiers (50 Mbps to 10 Gbps, with ExpressRoute Direct going higher), so size the circuit for your aggregate traffic rather than for a number of connections. ExpressRoute is private but not encrypted by default; if you need confidentiality on the circuit, run IPsec over it (for example an Azure VPN gateway over ExpressRoute private peering) or use MACsec on ExpressRoute Direct.

Authentication

Authentication methods by connection type

Which authentication method applies depends on the connection type:

-Pre-Shared Key (PSK): the authentication method for Azure S2S, Multi-Site and VNet-to-VNet IPsec/IKE connections. The same secret is configured on the Azure connection and on the on-premises device. Use a long random value (Azure accepts up to 128 printable ASCII characters), use a different key for every connection, keep it in a secrets manager rather than in scripts or tickets, and rotate it with Set-AzVirtualNetworkGatewayConnectionSharedKey or the equivalent CLI or portal action. Certificate-based IKE peer authentication is not a configurable option for S2S on Azure VPN Gateway.
-Certificate: used for Point-to-Site. Each client presents a certificate that chains to a root certificate you uploaded to the gateway; the root can come from your enterprise Public Key Infrastructure (PKI) or be self-signed. The gateway validates the chain and checks its revoked-thumbprint list; there is no Azure-managed certificate involved.
-Microsoft Entra ID (formerly Azure AD): used for Point-to-Site with the OpenVPN tunnel protocol. Users authenticate with their directory identity, and MFA and Conditional Access policies apply. It involves no on-premises VPN device; there is no directory-based IKE authentication for S2S.
-RADIUS: used for Point-to-Site; the gateway forwards credentials to a RADIUS server that you run on-premises or inside the VNet.
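The following is an added example, not part of the original article, that builds the Multi-Site arrangement described earlier: two S2S connections to one route-based gateway, each with its own randomly generated pre-shared key and a custom IPsec/IKE policy, followed by a status check and a key rotation. The resource group rg-vpn, the gateway gw-hub, the site names, the RFC 5737 documentation addresses 203.0.113.10 and 198.51.100.20 and the on-premises prefixes are assumed values; the gateway is assumed to exist already.

```powershell
# Added example, not part of the original article. Assumed names: resource group rg-vpn,
# route-based gateway gw-hub (already deployed), two sites at RFC 5737 documentation
# addresses, and their on-premises prefixes. Requires the Az.Network module.
$rg       = 'rg-vpn'
$location = 'westeurope'
$gw       = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name 'gw-hub'

# Custom IPsec/IKE policy applied to each connection instead of Azure's default proposal set:
# IKE AES-256 / SHA-384 / ECP384, ESP AES-256-GCM (GCM requires the same value for integrity), PFS ECP384.
$ipsecPolicy = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup ECP384 `
    -IpsecEncryption GCMAES256 -IpsecIntegrity GCMAES256 -PfsGroup ECP384 `
    -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

function New-StrongPsk {
    # 32 bytes from the OS CSPRNG, Base64-encoded: 44 printable ASCII characters, inside
    # Azure's 1-128 printable ASCII limit for pre-shared keys.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    [Convert]::ToBase64String($bytes)
}

# Multi-Site: one local network gateway (the on-premises device and the prefixes behind it)
# and one connection per site. Each site gets its own PSK so one leaked key exposes one tunnel only.
$sites = @(
    @{ Name = 'london'; Ip = '203.0.113.10';  Prefixes = @('10.10.0.0/16') },
    @{ Name = 'paris';  Ip = '198.51.100.20'; Prefixes = @('10.20.0.0/16') }
)

$connections = foreach ($site in $sites) {
    $lng = New-AzLocalNetworkGateway -Name "lng-$($site.Name)" -ResourceGroupName $rg -Location $location `
        -GatewayIpAddress $site.Ip -AddressPrefix $site.Prefixes

    $psk = New-StrongPsk
    # Hand $psk to the site's network team out of band (secrets vault, not e-mail or this script's log).
    New-AzVirtualNetworkGatewayConnection -Name "cn-$($site.Name)" -ResourceGroupName $rg -Location $location `
        -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng -ConnectionType IPsec `
        -SharedKey $psk -IpsecPolicies $ipsecPolicy
}

# Status per tunnel: Connected, Connecting, NotConnected or Unknown.
foreach ($c in $connections) {
    $status = (Get-AzVirtualNetworkGatewayConnection -Name $c.Name -ResourceGroupName $rg).ConnectionStatus
    '{0}: {1}' -f $c.Name, $status
}

# Key rotation for one site; the on-premises device must be updated at the same time or the tunnel drops.
Set-AzVirtualNetworkGatewayConnectionSharedKey -Name 'cn-london' -ResourceGroupName $rg -Value (New-StrongPsk) | Out-Null
```

The on-premises device at each site must be configured with the matching public IP of the Azure gateway, the same IPsec/IKE proposal, and the key it was given; if the policy on either side does not match, the connection stays in NotConnected and the IKE negotiation failure is visible in the gateway's diagnostic logs.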

Azure Virtual Network

There are three types of connection from an on-premises network to an Azure VNet: Point-to-Site, Site-to-Site, and ExpressRoute. Each offers different capabilities at a different price. This section summarizes what each is for and when to use it.

Introduction

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. A VNet is a representation of your own network in the cloud: a logically isolated segment of the Azure network dedicated to your subscription. You control the traffic within it and can isolate it from other VNets in Azure. You can also extend your on-premises network into it, which gives you more control and flexibility over how you secure and connect your virtual machines (VMs) to resources both on-premises and in Azure.

Three connection types link on-premises environments to Azure: Point-to-Site (P2S) for individual client computers, Site-to-Site (S2S) for whole on-premises networks, and ExpressRoute. ExpressRoute traffic does not cross the public Internet, which gives it predictable latency, higher bandwidth and an availability SLA that Internet-based IPsec cannot match. It is not encrypted by default, however, so an S2S tunnel still provides confidentiality that ExpressRoute alone does not, unless you add IPsec or MACsec on top of the circuit.

Configuration

Azure Virtual Network (VNet) is a logical representation of an isolated network in the cloud. VNets are used to provision and manage Azure resources such as virtual machines (VMs), websites, and databases in a virtual network environment. VNets provide isolation from other VNets, and allow you to control traffic flows between VMs, securely connect VM endpoints to on-premises locations, and extend your on-premises IT resources into the cloud.

Azure supports several types of VPN. Site-to-Site VPNs connect an on-premises location to an Azure VNet over an IPsec/IKE (IKEv1 or IKEv2) tunnel authenticated with a pre-shared key; Multi-Site is several such connections to one gateway, and VNet-to-VNet uses the same IPsec/IKE mechanism between two Azure gateways. Point-to-Site VPNs connect individual computers or devices to an Azure VNet over OpenVPN, SSTP or IKEv2. ExpressRoute circuits provide private connectivity between Azure and your on-premises sites or colocation facilities; they are not VPNs and are not encrypted by default.
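The following added example (not from the original article) creates the VNet-to-VNet connection named at the top of the page between two existing route-based gateways; gw-hub and gw-spoke in resource group rg-vpn are assumed names, as is the region. The point it shows is that a VNet-to-VNet link consists of two connection objects, one from each gateway, that must carry the same shared key before the tunnel comes up.

```powershell
# Added example, not part of the original article. Assumed: two route-based gateways gw-hub and
# gw-spoke already deployed in resource group rg-vpn, with non-overlapping VNet address spaces.
$rg       = 'rg-vpn'
$location = 'westeurope'
$gw1 = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name 'gw-hub'
$gw2 = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name 'gw-spoke'

# One random shared key from the OS CSPRNG, used on both directions of the link.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$sharedKey = [Convert]::ToBase64String($bytes)

# A VNet-to-VNet link is two connection objects; the tunnel only comes up when both exist
# and their shared keys match.
New-AzVirtualNetworkGatewayConnection -Name 'cn-hub-to-spoke' -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $gw1 -VirtualNetworkGateway2 $gw2 -ConnectionType Vnet2Vnet -SharedKey $sharedKey | Out-Null
New-AzVirtualNetworkGatewayConnection -Name 'cn-spoke-to-hub' -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $gw2 -VirtualNetworkGateway2 $gw1 -ConnectionType Vnet2Vnet -SharedKey $sharedKey | Out-Null

# Both sides should report Connected once IKE completes (typically within a minute).
foreach ($name in 'cn-hub-to-spoke', 'cn-spoke-to-hub') {
    $status = (Get-AzVirtualNetworkGatewayConnection -Name $name -ResourceGroupName $rg).ConnectionStatus
    '{0}: {1}' -f $name, $status
}
```

Unlike S2S there is no local network gateway object, because both ends are Azure gateways whose address spaces Azure already knows; the key is still a pre-shared secret, so the same rules about random generation and rotation apply.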

Authentication

Azure VPN Gateway supports the following authentication methods, each tied to a connection type:
-Pre-shared key (PSK), for Site-to-Site, Multi-Site and VNet-to-VNet connections
-Certificate-based, for Point-to-Site (root certificate uploaded to the gateway, client certificates on the devices)
-RADIUS-based, for Point-to-Site (the gateway forwards authentication to your RADIUS server)
-Microsoft Entra ID, for Point-to-Site with the OpenVPN tunnel protocol
