Point-to-Site VPNs
Start course
1h 5m

This course explores Azure Virtual Networks, how to create them, and how to connect them. It begins with a vNet overview, where you'll learn about basic Azure Virtual Network concepts and about some key best practices. We'll cover communications topics, filtering, routing, and integration, before working through a demo that shows you how to deploy a virtual network in Microsoft Azure.

After covering the basics of Azure Virtual Networks in the first half of this course, we'll use the second half to dive into VPNs, where you'll learn about site-to-site VPNs, point-to-site VPNs, ExpressRoute, and vNet peering. You'll also watch a demonstration from the Azure platform that shows you how to peer two vNets in Azure. 

If you have any feedback relating to this course, feel free to contact us at

Learning Objectives

  • Obtain a foundational understanding of Azure Virtual Networks including key concepts, best practices, communications, filtering, routing, and integration
  • Provision a virtual network
  • Understand what the Azure VPN Gateway is and what it does
  • Build a site-to-site VPN
  • Learn how to connect a single client computer to a virtual network using a point-to-site VPN gateway
  • Learn how to connect your on-premises network to Azure using ExpressRoute
  • Learn how to peer two Azure Virtual Networks

Intended Audience

This course is intended for anyone who wants to learn about Azure Virtual Networks, how to create them, and how to connect them.


To get the most out of this course, you should have a basic understanding of the Azure platform and networking in general.


Hello and welcome to Point-to-Site VPNs. In this lesson, you will be introduced to point-to-site VPNs. You’ll learn what they are and when to use them.

A point-to-site VPN gateway connection is a type of connection that you typically use to securely connect a single client computer to a virtual network in Azure. This is a common connection type for remote workers who need access to resources on your Azure virtual network. These types of connections are initiated from the client computer.

When you create a point-to-site VPN, you have a choice of protocols. You can use OpenVPN Protocol, Secure Socket Tunneling Protocol, otherwise known as SSTP, orIKEv2 VPN. 

The OpenVPN Protocol is an SSL/TLS-based VPN protocol that can be used through a firewall, since most firewalls allow TCP port 443 outbound. The OpenVPN Protocol is flexible because it can be used to connect from a variety of client machines, including those running Android, Windows, Linux, and Mac OSX.

Secure socket tunneling protocol is a proprietary VPN protocol that leverages TLS. It, too, can penetrate firewalls for the same reason OpenVPN can. However, unlike OpenVPN Protocol, SSTP only supports Windows devices.

IKEv2 VPN is a standards-based IPSec VPN solution. It can be used to connect from Mac OSX devices.

When a user initiates a point-to-site VPN connection to Azure, the user must first be authenticated before Azure accepts the connection. There are a couple different ways the user can be authenticated. These include native Azure certificate authentication, native Azure AD authentication, or a traditional Active Directory Domain Server.

The Azure certificate authentication option requires a client certificate to be present on the device that the user is connecting from. This certificate is validated by the VPN gateway during the connection handshake.

With Azure AD authentication, users can connect using their Azure AD credentials. It should be noted, however, that the native Azure AD authentication option is only supported for OpenVPN protocol. Windows 10 will also require the use of the Azure VPN Client to make this work.

Users in a traditional AD Domain can be authenticated using the traditional AD domain server through the use of a RADIUS server that needs to be integrated with the domain controller.


The table on your screen shows which Azure gateway SKUs support point-to-site VPNs.

For complete technical details on point-to-site VPNs, visit the URL that you see on your screen:


About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.