Site-to-Site VPNs
Site-to-Site VPNs
1h 5m

This course explores Azure Virtual Networks, how to create them, and how to connect them. It begins with a vNet overview, where you'll learn about basic Azure Virtual Network concepts and about some key best practices. We'll cover communications topics, filtering, routing, and integration, before working through a demo that shows you how to deploy a virtual network in Microsoft Azure.

After covering the basics of Azure Virtual Networks in the first half of this course, we'll use the second half to dive into VPNs, where you'll learn about site-to-site VPNs, point-to-site VPNs, ExpressRoute, and vNet peering. You'll also watch a demonstration from the Azure platform that shows you how to peer two vNets in Azure. 

If you have any feedback relating to this course, feel free to contact us at

Learning Objectives

  • Obtain a foundational understanding of Azure Virtual Networks including key concepts, best practices, communications, filtering, routing, and integration
  • Provision a virtual network
  • Understand what the Azure VPN Gateway is and what it does
  • Build a site-to-site VPN
  • Learn how to connect a single client computer to a virtual network using a point-to-site VPN gateway
  • Learn how to connect your on-premises network to Azure using ExpressRoute
  • Learn how to peer two Azure Virtual Networks

Intended Audience

This course is intended for anyone who wants to learn about Azure Virtual Networks, how to create them, and how to connect them.


To get the most out of this course, you should have a basic understanding of the Azure platform and networking in general.


Welcome to Site-to-Site VPNs! In this lesson, we are going to look at what a site-to-site VPN is, why you would use it, and how you would deploy one.

In most cases, when you need to connect an on-prem network to an Azure virtual network, you’ll use a site-to-site VPN gateway. This type of connection allows you to establish an IPSec or IKE VPN tunnel between the on-prem network and the Azure vNet. To deploy this type of connection, you need to have a VPN device deployed on-prem. This on-prem VPN device needs to have a public IP address assigned to it so that the Azure-based VPN gateway can communicate with it.

The image that you see on your screen shows what a typical connection would look like.

The overall process for creating a site-to-site VPN connection is pretty straightforward. You start by creating the Azure virtual network that you’ll be connecting to the on-prem network. 

Once you have the virtual network created, you create a gateway subnet on your virtual network, and then you create a VPN gateway. The creation of the gateway subnet takes just a few minutes to create, while the deployment of the VPN gateway can take up to 45 minutes to complete. 

After you’ve created the VPN gateway, you can create the local network gateway. This local network gateway that you create represents the on-prem endpoint of the eventual VPN connection. 

With both the VPN gateway and the local network gateway created, you need to configure the on-prem VPN device. This process will differ, based on the device you have. 

Once the on-prem device is configured, you can deploy a VPN connection in Azure. This VPN connection creates the site-to-site connection between the VPN gateway, which represents the Azure side of the VPN, and the local network gateway, which represents the on-prem endpoint of the VPN connection.

Once the VPN connection is provisioned, you need to verify the connection.

Join me in the next lesson, where I’ll show you in more detail how to create a site-to-site VPN connection.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.