Reviewing Azure VPN Gateways
Azure VPN gateways are a type of Azure virtual network gateway that allows you to create secure connections between your on-premises network and an Azure Virtual Network (VNet). Azure uses leading security practices to protect data traveling between your on-premises network and your Azure network, as if the two were a single virtual private network (VPN). One benefit is the ability to run a hybrid infrastructure of cloud and on-premises resources with more security than you would get by simply sending your traffic over the public internet. In this Lab Step, you will navigate to an existing VPN gateway and learn about its fundamentals.
1. On the dashboard of the Azure Portal, click the portal menu > All resources.
2. On the All resources blade, click caLabsGateway.
3. Notice a few things on the resulting Overview blade:
- The gateway has a Gateway type of VPN. Although this Lab Step covers only VPN gateways, know that virtual network gateways can have more than one type.
- The VPN gateway has been provisioned within a Virtual network, specifically the one you reviewed earlier. This means that by default, any traffic sent through the gateway will end up in this specific VNet until directed elsewhere.
- The gateway also has a Public IP address. VPN gateways need a public IP address because although they create an environment that emulates a private network between your on-premises resources and your cloud resources, the traffic still technically needs to travel over the public internet to reach your VPN gateway. Once configured, your on-premises network will know to send its traffic to this public IP address.
4. In the menu to the left, click Connections.
5. Notice there aren't currently any connections. Any connections here would mean that your gateway is currently connected to another gateway, such as the gateway of an on-premises network. At the top of the Connections blade, click Add.
6. In the Add connection blade, change Connection type to Site-to-site (IPsec).
Notice two main data points here:
- The blade has a Virtual network gateway section set to caLabsGateway, the gateway you are currently viewing, and you can't change it. This means that you're attempting to create a connection from somewhere to your current VPN gateway.
- The blade also has a Local network gateway section, which is the section that would contain information about the local network (such as your on-premises network) that you wish to connect to your VPN gateway.
7. Click Choose a local network gateway and then Create new.
Notice two fields here:
- The IP address field would contain the public IP address of the gateway of your on-premises network. Just as your VPN gateway needs a public IP address so that your on-premises resources know how to find it, the reverse is also true. The public IP address here tells your VPN gateway where to send traffic when transmitting data to your local network.
- The Name field is where you would place a unique label on your connection, for easy organization.
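The review points above can also be checked in code. The following Python is an added example, not part of the original lab or of any Azure tooling: it summarises the gateway properties shown on the Overview and Connections blades and checks that a value intended for the local network gateway's IP address field is publicly routable. The sample data is constructed; the key names (gatewayType, ipConfigurations, publicIPAddress), the resource names example-vnet and example-gateway-ip, and the helper function names are assumptions.

```python
import ipaddress

# Constructed sample (not from the lab); keys are assumed to follow the Azure
# resource properties gatewayType, ipConfigurations and publicIPAddress.
PREFIX = "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network"
SAMPLE_GATEWAY = {
    "gatewayType": "Vpn",
    "ipConfigurations": [{
        "subnet": {"id": PREFIX + "/virtualNetworks/example-vnet/subnets/GatewaySubnet"},
        "publicIPAddress": {"id": PREFIX + "/publicIPAddresses/example-gateway-ip"},
    }],
}
SAMPLE_CONNECTIONS = []  # the lab gateway has no connections yet


def id_segment(resource_id, kind):
    """Return the name that follows `kind` in an Azure resource ID, or None."""
    parts = resource_id.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    if kind.lower() not in lowered[:-1]:
        return None
    return parts[lowered.index(kind.lower()) + 1]


def review_gateway(gateway, connections):
    """Summarise what the Overview and Connections blades show."""
    cfg = gateway["ipConfigurations"][0]
    return {
        "is_vpn": gateway["gatewayType"].lower() == "vpn",
        "vnet": id_segment(cfg["subnet"]["id"], "virtualNetworks"),
        "public_ip_resource": id_segment(cfg["publicIPAddress"]["id"], "publicIPAddresses"),
        "connection_count": len(connections),
    }


def check_local_gateway_ip(value):
    """Return (ok, reason) for a candidate local network gateway IP address."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return False, "not an IP address"
    ok = ip.is_global  # False for private, carrier-grade NAT and reserved ranges
    return ok, ("publicly routable" if ok else "not publicly routable")


if __name__ == "__main__":
    print(review_gateway(SAMPLE_GATEWAY, SAMPLE_CONNECTIONS))
    for candidate in ("10.0.0.4", "100.64.0.1", "8.8.8.8"):
        print(candidate, check_local_gateway_ip(candidate))
```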
In this Lab Step, you navigated to an Azure VPN gateway, which is a kind of Virtual Network Gateway. You learned what it does, and why you might choose to use one. You also learned how a VPN gateway handles traffic to and from a separate network.