What VPN Types Are Supported By Azure?

Azure supports different types of VPNs. You can use Azure to connect your on-premises network to your Azure virtual network (VNet). Azure supports the following VPN types: Point-to-Site (P2S), Site-to-Site (S2S), VNet-to-VNet, and ExpressRoute.


VPN types

There are three types of VPNs that can be implemented in Azure: Point-to-Site, Site-to-Site, and VNet-to-VNet. Point-to-Site (P2S) VPNs are used to connect individual clients to a VNet. Site-to-Site (S2S) VPNs are used to connect an on-premises network to a VNet. VNet-to-VNet (V2V) VPNs are used to connect two VNets to each other.

Policy-based VPNs

Policy-based VPNs encrypt and route traffic by using a policy-based encryption standard, such as IPsec. Policy-based VPNs require you to define traffic flows, or policies, to permit or deny traffic. You can create and manage policies by using the Azure portal, PowerShell, Azure Resource Manager templates, or the Network Watcher VPN diagnostics tool. For more information about how to create policies, see Create a policy-based (static routing) gateway.

For more information about how policy-based VPNs work in Azure VPN Gateway, see About policy-based VPNs.

Route-based VPNs

A route-based VPN gateway uses the routing table to send traffic between an Azure virtual network and an on-premises location. A route-based VPN gateway is also known as a router. When you create a route-based VPN gateway, it creates two policies, one for inbound traffic and one for outbound traffic.

In a route-based VPN gateway, traffic is always forwarded by using routes. Routes are inserted automatically into the forwarding table by the Azure VPN gateway for all supported protocols: static routes, BGP routes, or both. If a static route that has been configured by using Azure PowerShell or the Azure Management Portal conflicts with a route added by the Azure VPN gateway (for example, 0.0.0.0/0), then the static route takes precedence over the automatically inserted route.

Azure VPN gateway

Azure VPN gateway supports the following VPN types: Point-to-Site, Site-to-Site, VNet-to-VNet, and Multi-Site. You can use Azure VPN gateway to connect these VPN types in Azure. Azure VPN gateway supports both policy-based and route-based VPNs.

Supported VPN types

Azure supports the following VPN types:

- Point-to-Site (P2S): A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. P2S VPN connections are used to connect to resources in a VNet over the Internet, for instance when you are working from a coffee shop, airport, or hotel.

- Site-to-Site (S2S): A Site-to-Site (S2S) VPN gateway connection is a cross-premises connection between your on-premises network and a VNet. S2S connections use IPsec/IKE (IKEv1 or IKEv2), and Azure supports both policy-based and route-based VPNs. Policy-based VPNs use static routes exclusively, whereas route-based VPNs can use both static routes and dynamic routes (using BGP).
  Additionally, because S2S connections go over the Internet, you should filter out unwanted traffic so that only the intended traffic is allowed. You can also choose to encrypt all S2S traffic with IPsec.

Creating a VPN gateway

When you create a virtual network, Azure creates a default gateway subnet for you. The gateway subnet contains the resources that you use to create your VPN gateway. A VPN gateway is composed of two parts:

- A VM or appliance that acts as an Azure VPN gateway appliance.
- An Azure VPN gateway SKU that determines the VPN performance you get.

Connecting to a VPN gateway

Azure supports the following VPN gateway types: PolicyBased (IKEv1), RouteBased (IKEv2), and policy-based and route-based Azure VPN gateways. You can also use Azure to connect to on-premises locations by using site-to-site VPNs. When you create a VPN gateway, you must specify the gateway type, location, and size.

Policy-based VPNs

Policy-based VPNs are implemented using a route-based VPN gateway. Policy-based VPNs for Azure virtual networks were generally available in December 2012. Policy-based VPNs are supported for the following gateways:
- Basic SKU
- Standard SKU

Policy-based VPNs require a static public IP address for the gateway. The policies applied to the gateway control traffic flow to and from the virtual network. All traffic that matches the defined policies is routed through the policy-based VPN gateway. Traffic that does not match any of the policies is not routed through the gateway.

Route-based VPNs

A route-based VPN gateway uses the routing table to direct packet forwarding. Route-based gateways are also known as dynamic gateways. A Policy-based VPN gateway is an older type of gateway that uses the policies (PSKs and L2TP/IPsec) configured to decide which packets to send through the tunnel. Policy-based gateways are also known as static gateways.
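The difference between the two forwarding models described above, as an added example that is not part of the original page or of any Azure tooling: a policy-based gateway tunnels a packet only when its source and destination both match a defined policy, while a route-based gateway picks the next hop by longest-prefix match on the destination alone. All prefixes and next-hop labels are constructed sample values.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the page).
# Policy-based: each policy is a (local VNet prefix, remote on-premises prefix) pair.
POLICIES = [("10.1.0.0/16", "192.168.10.0/24")]
# Route-based: destination prefix -> next hop label.
ROUTES = {
    "192.168.0.0/16": "vpn-tunnel",
    "192.168.50.0/24": "drop",      # more specific route overrides the /16
    "0.0.0.0/0": "internet",
}

def policy_based_decision(src, dst, policies=POLICIES):
    """Tunnel the packet only if source AND destination match one policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in policies:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return "vpn-tunnel"
    return "not-tunneled"

def route_based_decision(dst, routes=ROUTES):
    """Choose the next hop by longest-prefix match on the destination only."""
    d = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in routes if d in ipaddress.ip_network(p)]
    if not matches:
        return "no-route"
    best = max(matches, key=lambda net: net.prefixlen)
    return routes[str(best)]

def compare(packets):
    """Return (src, dst, policy-based result, route-based result) per packet."""
    return [(s, d, policy_based_decision(s, d), route_based_decision(d))
            for s, d in packets]

if __name__ == "__main__":
    sample = [
        ("10.1.2.4", "192.168.10.20"),  # matches the policy and the /16 route
        ("10.1.2.4", "192.168.20.20"),  # on-premises subnet missing from the policy
        ("10.1.2.4", "192.168.50.9"),   # caught by the more specific /24 route
        ("10.2.0.4", "192.168.10.20"),  # source outside the policy's local prefix
    ]
    for src, dst, pol, rt in compare(sample):
        print(f"{src:>10} -> {dst:<15} policy-based={pol:<13} route-based={rt}")
```

Because the route-based decision ignores the source address, every source that can reach the gateway is forwarded to any routed destination, which is why the traffic filtering mentioned for S2S connections matters more with that model.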

When you create a virtual network gateway, you select the type of gateway based on the VPN traffic policies and performance that you need for your virtual network.
