title | titleSuffix | description | author | ms.author | ms.service | ms.topic | ms.date |
---|---|---|---|---|---|---|---|
Tutorial – Create & manage a VPN gateway – Azure portal | Azure VPN Gateway | In this tutorial, learn how to create and manage an Azure VPN gateway by using the Azure portal. | cherylmc | cherylmc | azure-vpn-gateway | tutorial | 11/20/2024 |
This tutorial helps you create and manage a virtual network gateway (VPN gateway) using the Azure portal. The VPN gateway is one part of the connection architecture that helps you securely access resources within a virtual network using VPN Gateway.
:::image type="content" source="./media/tutorial-create-gateway-portal/gateway-diagram.png" alt-text="Diagram that shows a virtual network and a VPN gateway." lightbox="./media/tutorial-create-gateway-portal/gateway-diagram-expand.png":::
- The left side of the diagram shows the virtual network and the VPN gateway that you create by using the steps in this article.
- You can later add different types of connections, as shown on the right side of the diagram. For example, you can create site-to-site and point-to-site connections. To view different design architectures that you can build, see VPN gateway design.
In this tutorial, you learn how to:
[!div class="checklist"]
- Create a virtual network.
- Create an active-active mode zone-redundant VPN gateway.
- View the gateway public IP address.
- Resize a VPN gateway (resize SKU).
- Reset a VPN gateway.
- If you want to learn more about the configuration settings used in this tutorial, see About VPN Gateway configuration settings.
- For more information about Azure VPN Gateway, see What is Azure VPN Gateway.
- If you want to create a gateway using the Basic SKU (instead of VpnGw2AZ), see Create a Basic SKU VPN gateway.
- For more information about active-active mode gateways, see About active-active mode.
- For more information about zone-redundant gateways, see About zone-redundant gateways.
Note
[!INCLUDE AZ SKU region support note]
You need an Azure account with an active subscription. If you don't have one, create one for free.
Create a virtual network using the following example values:
- Resource group: TestRG1
- Name: VNet1
- Region: (US) East US (or region of your choosing)
- IPv4 address space: 10.1.0.0/16
- Subnet name: Use the default name, or specify a name. Example: FrontEnd
- Subnet address space: 10.1.0.0/24
[!INCLUDE Create a VNet]
After you create your virtual network, you can optionally configure Azure DDoS Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS Protection, see What is Azure DDoS Protection.
[!INCLUDE About GatewaySubnet with links]
[!INCLUDE Create gateway subnet]
[!INCLUDE NSG warning]
In this section, you create the virtual network gateway (VPN gateway) for your virtual network. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.
Create a gateway using the following values:
- Name: VNet1GW
- Gateway type: VPN
- SKU: VpnGw2AZ
- Generation: Generation 2
- Virtual network: VNet1
- Gateway subnet address range: 10.1.255.0/27
- Public IP address: Create new
- Public IP address name: VNet1GWpip1
- Public IP address SKU: Standard
- Assignment: Static
- Second Public IP address name: VNet1GWpip2
[!INCLUDE Create a vpn gateway]
[!INCLUDE Configure PIP settings]
A gateway can take 45 minutes or more to fully create and deploy. You can see the deployment status on the Overview page for your gateway. After the gateway is created, you can view the IP address assigned to it by looking at the virtual network in the portal. The gateway appears as a connected device.
To view the public IP addresses associated with your virtual network gateway, navigate to your gateway in the portal.
- On the portal page for your virtual network gateway, under Settings, open the Properties page.
- To view more information about the IP address object, click the associated IP address link.
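Once the gateway is deployed, you can confirm that it matches this tutorial's values before you add connections. The following is an added example, not part of the original tutorial: it checks the address plan and a gateway description exported as JSON. The sample JSON is constructed, its field names are assumed to follow the output of `az network vnet-gateway show -o json`, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like `az network vnet-gateway show -o json` output;
# field names are assumed from that output, the subscription ID is a placeholder.
PIP = "/subscriptions/<sub-id>/resourceGroups/TestRG1/providers/Microsoft.Network/publicIPAddresses/"
SAMPLE_GATEWAY = json.dumps({
    "name": "VNet1GW",
    "gatewayType": "Vpn",
    "activeActive": True,
    "vpnGatewayGeneration": "Generation2",
    "sku": {"name": "VpnGw2AZ", "tier": "VpnGw2AZ"},
    "ipConfigurations": [
        {"name": "default", "publicIPAddress": {"id": PIP + "VNet1GWpip1"}},
        {"name": "activeActive", "publicIPAddress": {"id": PIP + "VNet1GWpip2"}},
    ],
})


def check_address_plan(vnet, workload_subnet, gateway_subnet):
    """Return findings for the VNet and subnet ranges used in this tutorial."""
    vnet_n, work_n, gw_n = (ipaddress.ip_network(c) for c in (vnet, workload_subnet, gateway_subnet))
    findings = []
    for label, net in (("workload subnet", work_n), ("gateway subnet", gw_n)):
        if not net.subnet_of(vnet_n):
            findings.append(f"{label} {net} is outside VNet address space {vnet_n}")
    if gw_n.overlaps(work_n):
        findings.append(f"gateway subnet {gw_n} overlaps workload subnet {work_n}")
    return findings


def check_gateway(gateway_json):
    """Compare an exported gateway description with the tutorial's values."""
    gw = json.loads(gateway_json)
    findings = []
    expected = {"gatewayType": "Vpn", "activeActive": True, "vpnGatewayGeneration": "Generation2"}
    for key, want in expected.items():
        if gw.get(key) != want:
            findings.append(f"{key} is {gw.get(key)!r}, expected {want!r}")
    if gw.get("sku", {}).get("name") != "VpnGw2AZ":
        findings.append("SKU is not VpnGw2AZ")
    # Active-active mode in this tutorial uses two named public IP addresses.
    pips = sorted(c.get("publicIPAddress", {}).get("id", "").rsplit("/", 1)[-1]
                  for c in gw.get("ipConfigurations", []))
    if pips != ["VNet1GWpip1", "VNet1GWpip2"]:
        findings.append(f"unexpected public IP addresses: {pips}")
    return findings


if __name__ == "__main__":
    print(check_address_plan("10.1.0.0/16", "10.1.0.0/24", "10.1.255.0/27"))
    print(check_gateway(SAMPLE_GATEWAY))
```

An empty list from both functions means the deployment matches the values listed in this tutorial; each string in a non-empty list names one setting that differs.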
There are specific rules for resizing versus changing a gateway SKU. In this section, you resize the SKU. For more information, see Resize or change gateway SKUs.
The basic steps are:
- Go to the Configuration page for your virtual network gateway.
- On the right side of the page, select the dropdown arrow to show a list of available SKUs. Notice that the list shows only the SKUs that you can resize your current SKU to. If you don't see the SKU you want to use, you have to change to a new SKU instead of resizing.
- Select the SKU from the dropdown list and save your changes.
Gateway resets behave differently, depending on your gateway configuration. For more information, see Reset a VPN gateway or a connection.
The basic steps are:
[!INCLUDE reset a gateway]
If you're not going to continue to use this application or go to the next tutorial, delete these resources.
- Enter the name of your resource group in the Search box at the top of the portal and select it from the search results.
- Select Delete resource group.
- Enter your resource group for TYPE THE RESOURCE GROUP NAME and select Delete.
After you create a VPN gateway, you can configure more gateway settings and connections. The following articles help you create a few of the most common configurations:
[!div class="nextstepaction"] Site-to-site VPN connections
[!div class="nextstepaction"] Point-to-site VPN connections