If you’re looking to set up a VPN on your Azure account, you’ll want to know what types of VPNs are supported. In this blog post, we’ll cover the different VPN types that can be used with Azure.
Introduction
There are many different types of VPNs, and each has its own advantages and disadvantages. The type of VPN you use will depend on your needs and the type of device you are using. Azure supports the following types of VPNs:
- Point-to-Site (P2S) VPNs
- Site-to-Site (S2S) VPNs
- VNet-to-VNet
- ExpressRoute
Point-to-Site (P2S) VPNs are used to connect a single device to a VNet. P2S connections do not require a VPN gateway. P2S connections are typically used for individual devices that need access to VNets, such as laptops or virtual machines.
Site-to-Site (S2S) VPNs are used to connect multiple devices in different locations to each other. S2S connections require a VPN gateway. S2S connections are typically used for organizations that have branch offices or multiple locations.
VNet-to-VNet is a type of S2S connection that connects two VNets to each other. VNet-to-VNet connections do not require a VPN gateway. VNet-to-VNet connections are typically used for organizations that have multiple VNets that need to be connected together, such as test and development environments or production and staging environments.
ExpressRoute is a type of connection that uses a private network instead of the public Internet. ExpressRoute connections do not go through the Internet and therefore do not require a VPN gateway. ExpressRoute connections are typically used for mission-critical applications or applications that need to meet compliance requirements.
What is Azure?
Microsoft Azure is a public cloud computing platform—with solutions including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)—that supports a wide variety of workloads, such as web and mobile applications, gaming, data storage, service bus, caching, and media services. You can deploy and manage Azure solutions by using the Azure portal or PowerShell.
The Different Types of VPNs Supported By Azure
Azure supports different types of VPNs, which are listed below. Select the type of VPN that best suits your needs.
Point-to-Site (P2S)
Point-to-Site (P2S) creates a secure connection to an Azure virtual network from an individual computer without having to go through the infrastructure of a VPN gateway. P2S is available for the following VPN protocols:
- Secure Socket Tunneling Protocol (SSTP)
- IKEv2
- OpenVPN
P2S creates a Site-to-Site connection between your computer and the VNet.
Site-to-Site (S2S)
Azure supports several different types of VPN options for connecting your on-premises network to an Azure virtual network (VNet). This article provides an overview of the types of VPNs that are available with Azure.
A site-to-site VPN gateway connection is a connection over IPsec or IKEv2 from your on-premises network or datacenter to an Azure VNet. An S2S connection requires a VPN device located at each end of the connection. Azure supports both policy-based and route-based gateways. For more information, see About VPN Gateway settings.
Policy-based VPNs were the first type of VPN supported by Azure, and are still supported by certain devices (for example, some SonicWALL devices). All devices that support policy-based virtual private networks (VPNs) must use similar configurations to be compatible with each other. If you want to use partner devices or other third-party devices that require PolicyBased routing, we recommend using route-based gateways with the PolicyBased option configured. The best way to determine whether this is required is to check with the device manufacturer for more information about their device's capabilities and limitations regarding PolicyBased VPNs in Azure.
Route-based gateways are the current generation of gateways in Azure, and can provide you greater flexibility and scalability when configuring your virtual network’s gateway settings. If possible, we recommend using route-based gateways unless you have a specific need for policy-based gateways as specified above.
For more information about S2S connections, see What is site-to-site VPN?
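To check existing deployments against the route-based recommendation above, here is a read-only PowerShell inventory, added as an example and not part of the original post. It lists every VPN gateway in the current subscription with its VPN type, SKU and enabled P2S protocols, and assumes the Az.Network module and a signed-in session (`Connect-AzAccount`); the `Review` column text is this example's own wording.

```powershell
# Added example: read-only inventory of VPN gateways in the current subscription.
# Assumes Az.Network is installed and Connect-AzAccount has already been run.

$report = foreach ($rg in Get-AzResourceGroup) {
    foreach ($gw in Get-AzVirtualNetworkGateway -ResourceGroupName $rg.ResourceGroupName) {

        # ExpressRoute gateways are returned by the same cmdlet; skip them,
        # since the policy-based / route-based distinction applies to VPN gateways.
        if ($gw.GatewayType -ne 'Vpn') { continue }

        # P2S protocols (SSTP, IkeV2, OpenVPN) are only present when a
        # point-to-site client configuration exists on the gateway.
        $p2s = @($gw.VpnClientConfiguration.VpnClientProtocols | Where-Object { $_ })

        # Flag policy-based gateways so someone confirms the on-premises
        # device really needs them, as the text above advises.
        $review = if ($gw.VpnType -eq 'PolicyBased') {
            'Policy-based: confirm the on-premises device requires it'
        } else {
            'Route-based'
        }

        [pscustomobject]@{
            ResourceGroup = $rg.ResourceGroupName
            Gateway       = $gw.Name
            VpnType       = $gw.VpnType
            Sku           = $gw.Sku.Name
            P2SProtocols  = if ($p2s.Count) { $p2s -join ', ' } else { '(none)' }
            Review        = $review
        }
    }
}

# Policy-based gateways sort first so they are reviewed first.
$report | Sort-Object VpnType, ResourceGroup, Gateway | Format-Table -AutoSize
```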
ExpressRoute
ExpressRoute is a direct connection between an organization and Azure that uses a private link. The network connection is established using one of two technologies:
- Point-to-Point Ethernet: A point-to-point Ethernet connection that uses two routers to connect the customer network with the Azure infrastructure.
- MPLS VPN: A multiprotocol label switching (MPLS) VPN that routes packets based on labels instead of destination IP addresses. This type of VPN supports virtual private LAN service (VPLS), which allows you to connect multiple Layer 2 networks over a single connection.
Conclusion
While Azure supports several different types of VPNs, we recommend using the Azure Resource Manager VPN type whenever possible. This type of VPN is more scalable and manageable than Classic Site-to-Site VPNs, and it provides you with more control over access and security for your virtual network.