Connecting to virtual networks

Can I connect virtual networks in different Azure regions?

One virtual network can connect to another virtual network in the same region, or in a different Azure region.

Can I connect virtual networks in different subscriptions?

Can I specify private DNS servers in my VNet when configuring a VPN gateway?

If you specified a DNS server or servers when you created your VNet, VPN Gateway will use the DNS servers that you specified. If you specify a DNS server, verify that your DNS server can resolve the domain names needed for Azure.

Can I connect to multiple sites from a single virtual network?

You can connect to multiple sites by using Windows PowerShell and the Azure REST APIs. See the Multi-Site and VNet-to-VNet Connectivity FAQ section.

Is there an additional cost for setting up a VPN gateway as active-active?

What are my cross-premises connection options?

The following cross-premises virtual network gateway connections are supported:

Site-to-Site: VPN connection over IPsec (IKE v1 and IKE v2). This type of connection requires a VPN device or RRAS.
Point-to-Site: VPN connection over SSTP (Secure Socket Tunneling Protocol) or IKE v2. This connection does not require a VPN device.
VNet-to-VNet: This type of connection is the same as a Site-to-Site configuration. VNet to VNet is a VPN connection over IPsec (IKE v1 and IKE v2).
Multi-Site: This is a variation of a Site-to-Site configuration that allows you to connect multiple on-premises sites to a virtual network.
ExpressRoute: ExpressRoute is a private connection to Azure from your WAN, not a VPN connection over the public Internet. For more information, see the ExpressRoute Technical Overview and the ExpressRoute FAQ.

For more information about VPN Gateway connections, see About VPN Gateway.

What is the difference between a Site-to-Site connection and Point-to-Site?

Site-to-Site (IPsec/IKE VPN tunnel) configurations are between your on-premises location and Azure. This means that you can connect from any of your computers located on your premises to any virtual machine or role instance within your virtual network, depending on how you choose to configure routing and permissions. It's a great option for an always-available cross-premises connection and is well suited for hybrid configurations. This type of connection relies on an IPsec VPN appliance (hardware device or soft appliance), which must be deployed at the edge of your network. To create this type of connection, you must have an externally facing IPv4 address.

Point-to-Site (VPN over SSTP) configurations let you connect from a single computer from anywhere to anything located in your virtual network. As part of the Point-to-Site configuration, you install a certificate and a VPN client configuration package, which contains the settings that allow your computer to connect to any virtual machine or role instance within the virtual network. It's great when you want to connect to a virtual network, but aren't located on-premises. It's also a good option when you don't have access to VPN hardware or an externally facing IPv4 address, both of which are required for a Site-to-Site connection.

You can configure your virtual network to use both Site-to-Site and Point-to-Site concurrently, as long as you create your Site-to-Site connection using a route-based VPN type for your gateway.