The new version of Azure VPN Gateway addresses the needs of mission-critical workloads that require great precision and high performance. It offers a better SLA and better speed at the same price. The entire VPN gateway service has been re-engineered and a stricter SLA added, providing 6x faster performance and addressing the increased cross-premises connectivity needs that users of Azure Virtual Networks (VNets) faced in the past. Custom IPsec/IKE policy gives you better control over VPN policies and lets you choose the encryption policy.

How to Use New VPN Gateway?

The deployment guidance for the new VPN gateway has changed slightly, but some of the previous scenarios remain the same. The Basic VPN gateway, for instance, keeps 80-100 Mbps performance and the same 99.95% SLA. However, it isn’t suitable for production scenarios and is appropriate only for non-production dev scenarios. If you want to use a VPN for production purposes, migrate your VPN gateway to the new VPN Gateway immediately, as it comes with a 99.95% SLA.

How Does the New Generation give Better Performance?

On-premises and cross-region VNet-to-VNet are two different ways to connect through the VPN gateway. Azure VPN Gateway offers single-tunnel and multiple-tunnel configurations, which give 1 Gbps and 1.25 Gbps performance respectively.

VpnGw1 offers 6.5x better speed at 650 Mbps, while VpnGw2 gives 5x performance at 1 Gbps. 10 to 30 site-to-site tunnels are added to the new gateway so that it can connect to more sites. Overall performance depends on several factors, such as the quality of the ISP, distance from the network, and the behavior of the application. S2S VPN is used to connect branch offices to the same Azure VNet; if you want to connect the main corporate WAN, ExpressRoute is the best option.

What are the Capabilities of New VPN?

Support for custom IPsec/IKE connection policies and the ability to connect multiple on-premises networks are the two new features added in the new Azure VPN gateway. The first aims to satisfy compliance and security requirements, while the second helps connect policy-based firewall devices to Azure VPN gateway. A custom IPsec policy lets the user set the cryptographic algorithms on an S2S or VNet-to-VNet connection. The default cryptographic algorithms increase interoperability with third-party VPN devices. Here is an example that describes the method of combining the two cryptography algorithms.

Likewise, the custom policy allows you to connect multiple on-premises policy-based VPN devices with Azure in the following way:
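As an added example (not from the original article or from Microsoft's documentation), the following Az PowerShell sketch applies a custom IPsec/IKE policy to an S2S connection, enables policy-based traffic selectors for a policy-based on-premises device, and then audits every connection in the resource group for weak or default algorithms. The resource names, the pre-shared key, the algorithm choices, and the list of algorithms treated as weak are all assumptions made for illustration.

```powershell
# Placeholder names (assumed for this example); replace with your own resources.
$rg   = 'rg-vpn-example'
$gw   = Get-AzVirtualNetworkGateway -Name 'vnet-gw-example' -ResourceGroupName $rg
$site = Get-AzLocalNetworkGateway -Name 'onprem-site-example' -ResourceGroupName $rg

# Custom IPsec/IKE policy: one explicit algorithm per phase instead of the
# gateway's default proposal set. The on-premises device must be configured
# with exactly the same combination or the tunnel will not establish.
$policy = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup24 `
    -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup PFS24 `
    -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000

# Policy-based traffic selectors are enabled together with the custom policy,
# so a policy-based firewall can negotiate per-prefix selectors.
New-AzVirtualNetworkGatewayConnection -Name 'conn-onprem-example' `
    -ResourceGroupName $rg -Location $gw.Location `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $site `
    -ConnectionType IPsec -SharedKey '<pre-shared-key-placeholder>' `
    -IpsecPolicies $policy -UsePolicyBasedTrafficSelectors $true

# Audit: report connections that still use the default proposal set or a
# custom policy containing an algorithm from the (assumed) weak list.
$weak = 'DES', 'DES3', 'MD5', 'SHA1', 'DHGroup1', 'DHGroup2', 'PFS1', 'PFS2'
foreach ($c in Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg) {
    # Re-read by name so IpsecPolicies is fully populated.
    $conn = Get-AzVirtualNetworkGatewayConnection -Name $c.Name -ResourceGroupName $rg
    if (-not $conn.IpsecPolicies) {
        Write-Output "$($conn.Name): default policy (no custom IPsec/IKE policy set)"
        continue
    }
    foreach ($p in $conn.IpsecPolicies) {
        $used = $p.IkeEncryption, $p.IkeIntegrity, $p.DhGroup,
                $p.IpsecEncryption, $p.IpsecIntegrity, $p.PfsGroup
        $hits = @($used | Where-Object { $weak -contains $_ })
        $status = if ($hits.Count) { "WEAK: $($hits -join ', ')" } else { 'ok' }
        Write-Output "$($conn.Name): $status"
    }
}
```

The audit loop only reads connection settings, so it can be run on its own against existing connections before any policy is changed.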