Bird
Raised Fist0
Azurecloud~5 mins

VPN Gateway for hybrid connectivity in Azure - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is an Azure VPN Gateway?
An Azure VPN Gateway is a service that connects your on-premises network to Azure through a secure, encrypted tunnel over the internet.
Click to reveal answer
beginner
What does 'hybrid connectivity' mean in cloud networking?
Hybrid connectivity means linking your local (on-premises) network with your cloud network so they work together as one.
Click to reveal answer
intermediate
Name two types of VPN connections supported by Azure VPN Gateway.
Azure VPN Gateway supports Site-to-Site VPN and Point-to-Site VPN connections.
Click to reveal answer
beginner
Why is encryption important in VPN Gateway connections?
Encryption keeps data private and safe while it travels over the internet between your on-premises network and Azure.
Click to reveal answer
intermediate
What is the role of a local network gateway in Azure VPN setup?
A local network gateway represents your on-premises network in Azure and holds information like your network's IP address range and VPN device IP.
Click to reveal answer
Which Azure service creates a secure tunnel between your on-premises network and Azure?
AAzure Blob Storage
BVPN Gateway
CAzure Functions
DAzure CDN
What type of VPN connection is used to connect a single client computer to Azure?
APoint-to-Site VPN
BVirtual Network Peering
CExpressRoute
DSite-to-Site VPN
What does a local network gateway in Azure represent?
AOn-premises network
BAzure storage account
CAzure virtual network
DAzure Active Directory
Why do VPN Gateways use encryption?
ATo increase storage space
BTo reduce costs
CTo speed up data transfer
DTo keep data private and secure
Which of these is NOT a feature of Azure VPN Gateway?
ACreating secure tunnels
BConnecting on-premises to Azure
CHosting web applications
DSupporting multiple VPN protocols
Explain how Azure VPN Gateway enables hybrid connectivity between on-premises and cloud networks.
Think about how two separate networks can talk safely over the internet.
You got /4 concepts.
    Describe the difference between Site-to-Site VPN and Point-to-Site VPN in Azure VPN Gateway.
    Consider who or what is connecting in each case.
    You got /4 concepts.

      Practice

      (1/5)
      1. What is the primary purpose of an Azure VPN Gateway in hybrid connectivity?
      easy
      A. To manage Azure Active Directory users
      B. To securely connect an Azure virtual network with an on-premises network
      C. To provide public internet access to Azure resources
      D. To host web applications in Azure

      Solution

      1. Step 1: Understand VPN Gateway role

        An Azure VPN Gateway creates a secure tunnel between Azure and on-premises networks.

      2. Step 2: Identify correct purpose

        Among the options, only connecting Azure virtual network with on-premises securely matches the VPN Gateway's role.

      3. Final Answer:

        To securely connect an Azure virtual network with an on-premises network -> Option B

      4. Quick Check:

        VPN Gateway = Secure hybrid connection [OK]
      Hint: VPN Gateway links cloud and local networks securely [OK]
      Common Mistakes:
      • Confusing VPN Gateway with web hosting services
      • Thinking VPN Gateway manages user identities
      • Assuming VPN Gateway provides public internet access
      2. Which subnet name must you use when creating a VPN Gateway in an Azure virtual network?
      easy
      A. PublicSubnet
      B. VPNSubnet
      C. Subnet1
      D. GatewaySubnet

      Solution

      1. Step 1: Recall required subnet for VPN Gateway

        Azure requires a subnet named exactly 'GatewaySubnet' for VPN Gateway deployment.

      2. Step 2: Verify option correctness

        Only 'GatewaySubnet' matches the required name; others are invalid for VPN Gateway.

      3. Final Answer:

        GatewaySubnet -> Option D

      4. Quick Check:

        VPN Gateway subnet = GatewaySubnet [OK]
      Hint: Always name VPN Gateway subnet as GatewaySubnet [OK]
      Common Mistakes:
      • Using generic subnet names instead of GatewaySubnet
      • Confusing VPNSubnet with GatewaySubnet
      • Not creating a dedicated subnet for VPN Gateway
      3. Given this Azure CLI command snippet to create a VPN Gateway: 
      az network vnet-gateway create --name MyVpnGateway --public-ip-address MyPublicIP --resource-group MyResourceGroup --vnet MyVNet --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1
      What VPN type is being used here?
      medium
      A. RouteBased
      B. PointToSite
      C. ExpressRoute
      D. PolicyBased

      Solution

      1. Step 1: Analyze the command parameters

        The parameter '--vpn-type RouteBased' explicitly sets the VPN type to RouteBased.

      2. Step 2: Confirm VPN type meaning

        RouteBased VPN supports flexible connections and is commonly used for hybrid networks.

      3. Final Answer:

        RouteBased -> Option A

      4. Quick Check:

        --vpn-type RouteBased means RouteBased VPN [OK]
      Hint: Look for --vpn-type parameter to identify VPN type [OK]
      Common Mistakes:
      • Confusing PolicyBased with RouteBased
      • Assuming ExpressRoute is a VPN type
      • Mixing PointToSite with Site-to-Site VPN types
      4. You deployed a VPN Gateway but the connection to your on-premises network fails. Which of these is a likely misconfiguration?
      medium
      A. The virtual network has too many subnets
      B. The VPN Gateway SKU is set to Basic for high throughput needs
      C. The GatewaySubnet is missing or incorrectly named
      D. The public IP address is assigned to a VM instead of the VPN Gateway

      Solution

      1. Step 1: Check subnet configuration

        VPN Gateway requires a correctly named GatewaySubnet; missing or wrong name causes failure.

      2. Step 2: Evaluate other options

        Too many subnets is not a direct cause; SKU Basic may limit performance but not cause failure; public IP must be assigned to VPN Gateway, not VM.

      3. Final Answer:

        The GatewaySubnet is missing or incorrectly named -> Option C

      4. Quick Check:

        GatewaySubnet misconfiguration causes VPN failure [OK]
      Hint: Verify GatewaySubnet exists and is named correctly [OK]
      Common Mistakes:
      • Ignoring GatewaySubnet naming requirements
      • Assigning public IP to wrong resource
      • Assuming SKU affects connection establishment
      5. You want to set up a hybrid network with Azure using a VPN Gateway. Your on-premises network uses static routing. Which VPN type should you choose for maximum flexibility and why?
      hard
      A. RouteBased, because it supports both static and dynamic routing
      B. PolicyBased, because it supports static routing only
      C. ExpressRoute, because it is faster than VPN
      D. PointToSite, because it supports multiple clients

      Solution

      1. Step 1: Understand VPN types and routing

        PolicyBased VPN supports only static routing; RouteBased supports static and dynamic routing.

      2. Step 2: Match VPN type to flexibility needs

        RouteBased VPN is more flexible and recommended for hybrid networks with static or dynamic routing.

      3. Step 3: Exclude other options

        ExpressRoute is a different service, not a VPN type; PointToSite is for individual client connections, not site-to-site.

      4. Final Answer:

        RouteBased, because it supports both static and dynamic routing -> Option A

      5. Quick Check:

        RouteBased VPN = flexible routing support [OK]
      Hint: Choose RouteBased VPN for static and dynamic routing support [OK]
      Common Mistakes:
      • Choosing PolicyBased for flexibility
      • Confusing ExpressRoute with VPN Gateway
      • Using PointToSite for site-to-site connectivity