Creating an Azure VPN Gateway in the Portal

Introduction

Azure VPN gateways send encrypted traffic between VNets and other VNets, such as in VNet-to-VNet connections, or on-premises networks, such as with Site-to-Site connections. VPN gateways support multiple connections and the bandwidth for the VPN gateway is shared across all connections. Azure VPN gateways are a type of Azure virtual network gateway. The other type of virtual network gateway is an ExpressRoute gateway. 

VPN gateways depend on a gateway subnet being created in the VNet. The VPN gateway is comprised of two or more VMs in the gateway subnet. The VMs are host routing tables and other gateway services. You cannot manually configure the VPN gateway VMs and you should never create any other resources in the gateway subnet. The name of the gateway subnet must be GatewaySubnet by convention.

In this Lab Step, you will create a VPN gateway in the Portal.

Instructions

1. Enter virtual network gateway in the Portal's search bar and click Virtual network gateways under Marketplace to start creating a VPN gateway:

2. Set the following values in the Create virtual network gateway blade, leaving the defaults for the rest, before clicking Next : Tags >:

• INSTANCE DETAILS
  • Name: cal-vpn-gateway
  • Region: West US
  • Gateway type: VPN (this is what makes the virtual network gateway a VPN gateway)
  • VPN type: Route-based (Route-based is required for VNet-to-VNet connections)
  • SKU: VpnGw1
• VIRTUAL NETWORK
  • Virtual network: cloudacademynet (Setting this automatically sets a valid address range for the Gateway subnet that must be created before the VPN gateway)
• PUBLIC IP ADDRESS
  • Public IP address name: cal-vpn-gateway-ip

Warning: If you can't reach the virtual network, make sure the deployment of the base resources is completed. You can find it under Resource groups -> ca-lab-### -> Deployments.

The Basic SKU is substantially less expensive but offers lower bandwidth and a lower number of tunnels. Zone Redundant Gateway SKUs are also available in select regions to provide increased resiliency, scalability and higher availability by utilizing multiple Azure Availability Zones. Details about pricing, bandwidth and allowed number of tunnels is available on the VPN gateway pricing page. You can also consider enabling Enable active-active mode when requirements do not allow interruptions of up to 1.5 minutes for unplanned issues. That is the worst-case time for the VPN gateway to failover to the standby VM in the VPN gateway when active-active is not enabled.

3. Select the following from the drop-down menus in the Tags tab before clicking Next : Review + create >:

• NAME: Organization
• VALUE: Cloud Academy Labs

All of the Lab resources are tagged with the Organization tag to.

4. Review the VPN gateway configuration and click Create:

Note: The Resource group value is shown as None because its value is automatically derived based on the selected virtual network.

You are taken to a deployment blade showing the status of the VPN gateway deployment:

It can take up to 45 minutes or more to create a VPN gateway (although it usually takes around 20 minutes while this Lab was being written). You will proceed to create the second VPN gateway while the deployment progresses.

Summary

In this Lab Step you created a VPN gateway using the portal. You also learned about the different SKUs and how VPN gateways require a special gateway subnet to be deployed.

Once the VPN gateway finishes deploying, the state of the Lab environment is as follows:

Where the VPN Gateway icon is a simplified representation of the following: