VPN Gateways
1h 5m

This course explores Azure Virtual Networks, how to create them, and how to connect them. It begins with a vNet overview, where you'll learn about basic Azure Virtual Network concepts and about some key best practices. We'll cover communications topics, filtering, routing, and integration, before working through a demo that shows you how to deploy a virtual network in Microsoft Azure.

After covering the basics of Azure Virtual Networks in the first half of this course, we'll use the second half to dive into VPNs, where you'll learn about site-to-site VPNs, point-to-site VPNs, ExpressRoute, and vNet peering. You'll also watch a demonstration from the Azure platform that shows you how to peer two vNets in Azure. 

If you have any feedback relating to this course, feel free to contact us at

Learning Objectives

  • Obtain a foundational understanding of Azure Virtual Networks including key concepts, best practices, communications, filtering, routing, and integration
  • Provision a virtual network
  • Understand what the Azure VPN Gateway is and what it does
  • Build a site-to-site VPN
  • Learn how to connect a single client computer to a virtual network using a point-to-site VPN gateway
  • Learn how to connect your on-premises network to Azure using ExpressRoute
  • Learn how to peer two Azure Virtual Networks

Intended Audience

This course is intended for anyone who wants to learn about Azure Virtual Networks, how to create them, and how to connect them.


Prerequisites

To get the most out of this course, you should have a basic understanding of the Azure platform and networking in general.


Welcome to VPN Gateways. Over the next few lessons and demos, we are going to dive into different types of VPNs that you can deploy in Azure. A key component of VPNs in Azure is the VPN Gateway, so let’s talk a little bit about what the VPN Gateway is and what it does.

Before you deploy a VPN connection in Azure, you need to deploy a VPN gateway. This VPN Gateway is a special kind of virtual network gateway. It’s typically used to send encrypted network traffic between an Azure virtual network and an on-prem network over the public internet. However, you can also use a VPN Gateway to send encrypted traffic between different Azure virtual networks over the Microsoft network if you wish.

You can only define one VPN gateway per virtual network. However, each VPN Gateway supports multiple connections to it. This allows you to connect multiple networks to the same gateway.

When you deploy a virtual network gateway, quite a few things happen under the hood. The process begins with Azure deploying at least two hidden VMs that you can’t see. These VMs are deployed to a gateway subnet that you specify during the gateway deployment, and they contain routing tables and the gateway services. Since they are hidden and used only by Azure, you cannot configure the VMs at all.

When you deploy a virtual network gateway, you need to tell Azure what type of gateway it should be. Specifying a type of “VPN” tells Azure that the gateway will be used to build a typical VPN connection. If you specify “ExpressRoute” as the type, the gateway will be configured for an ExpressRoute connection.

When you deploy a virtual network gateway, it can take up to 45 minutes for the deployment to complete. This makes sense since so much stuff happens under the hood. Once the gateway is deployed, you can create an IPsec/IKE VPN tunnel between the newly deployed virtual network gateway and any one of a number of other gateways. For example, you can create a vNet-to-vNet connection to another VPN gateway in Azure, or you can create a site-to-site connection to an on-prem VPN device. You can even create a point-to-site connection that will allow you to connect to your virtual network from a remote location.

To learn more about virtual network gateways, visit the URL that you see on your screen: 

Later on, I’ll show you how to deploy a virtual network gateway and how to use it to build a site-to-site VPN connection.
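
The deployment described in the transcript above, as an added Azure CLI example that is not part of the course material: it checks that the virtual network has no gateway yet, creates the gateway subnet and a public IP, and starts a VPN-type gateway without blocking on the long-running deployment. The resource names, the address prefix, the RouteBased VPN type and the VpnGw1 SKU are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example. Names, the address prefix, RouteBased and VpnGw1 are
# illustrative assumptions, not values from the course.

# deploy_vpn_gateway RG VNET GATEWAY_NAME GATEWAY_SUBNET_PREFIX
deploy_vpn_gateway() {
  local rg="$1" vnet="$2" gw="$3" prefix="$4" existing

  # Only one gateway is allowed per virtual network, so stop if any gateway
  # in this resource group already sits in a subnet of the target vNet.
  existing=$(az network vnet-gateway list -g "$rg" -o tsv \
    --query "[?contains(ipConfigurations[0].subnet.id, '/virtualNetworks/${vnet}/')].name")
  if [ -n "$existing" ]; then
    echo "vNet $vnet already has gateway: $existing" >&2
    return 3
  fi

  # Azure requires the gateway subnet to be named exactly GatewaySubnet.
  az network vnet subnet create -g "$rg" --vnet-name "$vnet" \
    -n GatewaySubnet --address-prefixes "$prefix" || return 1

  # Public IP that the remote VPN device will connect to.
  az network public-ip create -g "$rg" -n "${gw}-pip" \
    --sku Standard --allocation-method Static || return 1

  # --gateway-type Vpn selects a VPN gateway (the other type is ExpressRoute).
  # --no-wait returns immediately; the deployment can take up to 45 minutes.
  az network vnet-gateway create -g "$rg" -n "$gw" --vnet "$vnet" \
    --public-ip-addresses "${gw}-pip" --gateway-type Vpn \
    --vpn-type RouteBased --sku VpnGw1 --no-wait
}

# gateway_state RG GATEWAY_NAME -> prints provisioningState (Updating, Succeeded, ...)
gateway_state() {
  az network vnet-gateway show -g "$1" -n "$2" --query provisioningState -o tsv
}

# Usage: deploy_vpn_gateway my-rg my-vnet my-gw 10.1.255.0/27
#        gateway_state my-rg my-gw
```

Poll gateway_state until it reports Succeeded before creating any connection on the gateway.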

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.