You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/vpn-gateway/vpn-gateway-vpn-faq.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Azure VPN Gateway FAQ
3
-
description: Learn about frequently asked questions for VPN Gateway cross-premises connections, hybrid configuration connections, and virtual network gateways. This FAQ contains comprehensive information about point-to-site, site-to-site, and network-to-network configuration settings.
3
+
description: Learn about frequently asked questions for VPN Gateway cross-premises connections, hybrid configuration connections, and virtual network gateways. This FAQ contains comprehensive information about point-to-site, site-to-site, and VNet-to-VNet configuration settings.
4
4
author: cherylmc
5
5
ms.service: vpn-gateway
6
6
ms.topic: conceptual
@@ -16,19 +16,19 @@ This article answers frequently asked questions about Azure VPN Gateway connecti
16
16
17
17
### Can I connect virtual networks in different Azure regions?
18
18
19
-
Yes. There's no region constraint. One virtual network can connect to another virtual network in the same region or in a different Azure region.
19
+
Yes. There's no region constraint. One virtual network (VNet) can connect to another virtual network in the same region or in a different Azure region.
20
20
21
21
### Can I connect virtual networks in different subscriptions?
22
22
23
23
Yes.
24
24
25
-
### Can I specify private DNS servers in my virtual network when configuring a VPN gateway?
25
+
### Can I specify private DNS servers in my VNet when configuring a VPN gateway?
26
26
27
27
If you specified a DNS server or servers when you created your virtual network, the VPN gateway uses the DNS servers that you specified. If you specify a DNS server, verify that your DNS server can resolve the domain names needed for Azure.
28
28
29
29
### Can I connect to multiple sites from a single virtual network?
30
30
31
-
You can connect to multiple sites by using Windows PowerShell and the Azure REST APIs. See the [Multi-site and network-to-network connectivity](#V2VMulti) FAQ section.
31
+
You can connect to multiple sites by using Windows PowerShell and the Azure REST APIs. See the [Multi-site and VNet-to-VNet connectivity](#V2VMulti) FAQ section.
32
32
33
33
### Is there an additional cost for setting up a VPN gateway as active-active?
34
34
@@ -40,7 +40,7 @@ The following cross-premises virtual network gateway connections are supported:
40
40
41
41
***Site-to-site (S2S)**: VPN connection over IPsec (IKEv1 and IKEv2). This type of connection requires a VPN device or Windows Server Routing and Remote Access. For more information, see [Create a site-to-site VPN connection in the Azure portal](./tutorial-site-to-site-portal.md).
42
42
***Point-to-site (P2S)**: VPN connection over Secure Socket Tunneling Protocol (SSTP) or IKEv2. This connection doesn't require a VPN device. For more information, see [Configure server settings for point-to-site VPN Gateway certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md).
43
-
***Network-to-network**: This type of connection is the same as a site-to-site configuration. A connection between virtual networks is a VPN connection over IPsec (IKEv1 and IKEv2). It doesn't require a VPN device. For more information, see the [Configure a network-to-network VPN gateway connection](vpn-gateway-howto-vnet-vnet-resource-manager-portal.md).
43
+
***VNet-to-VNet**: This type of connection is the same as a site-to-site configuration. VNet-to-VNet is a VPN connection over IPsec (IKEv1 and IKEv2). It doesn't require a VPN device. For more information, see the [Configure a VNet-to-VNet VPN gateway connection](vpn-gateway-howto-vnet-vnet-resource-manager-portal.md).
44
44
***Azure ExpressRoute**: ExpressRoute is a private connection to Azure from your wide area network, not a VPN connection over the public internet. For more information, see the [ExpressRoute technical overview](../expressroute/expressroute-introduction.md) and the [ExpressRoute FAQ](../expressroute/expressroute-faqs.md).
45
45
46
46
For more information about VPN gateway connections, see [What is Azure VPN Gateway?](vpn-gateway-about-vpngateways.md).
@@ -61,13 +61,13 @@ You can configure your virtual network to use both site-to-site and point-to-sit
61
61
62
62
### Does a misconfiguration of custom DNS break the normal operation of a VPN gateway?
63
63
64
-
For normal functioning, the VPN gateway must establish a secure connection with the Azure control plane, facilitated through public IP addresses. This connection relies on resolving communication endpoints via public URLs. By default, Azure virtual networks use the built-in Azure DNS service (168.63.129.16) to resolve these public URLs. This default behavior helps ensure seamless communication between the VPN gateway and the Azure control plane.
64
+
For normal functioning, the VPN gateway must establish a secure connection with the Azure control plane, facilitated through public IP addresses. This connection relies on resolving communication endpoints via public URLs. By default, Azure VNets use the built-in Azure DNS service (168.63.129.16) to resolve these public URLs. This default behavior helps ensure seamless communication between the VPN gateway and the Azure control plane.
65
65
66
-
When you're implementing a custom DNS within the virtual network, it's crucial to configure a DNS forwarder that points to the Azure DNS (168.63.129.16), to maintain uninterrupted communication between the VPN gateway and control plane. Failure to set up a DNS forwarder to Azure DNS can prevent Microsoft from performing operations and maintenance on the VPN gateway, which poses a security risk.
66
+
When you're implementing a custom DNS within the VNet, it's crucial to configure a DNS forwarder that points to the Azure DNS (168.63.129.16), to maintain uninterrupted communication between the VPN gateway and control plane. Failure to set up a DNS forwarder to Azure DNS can prevent Microsoft from performing operations and maintenance on the VPN gateway, which poses a security risk.
67
67
68
-
To help ensure proper functionality and healthy state for your VPN gateway, consider one of the following DNS configurations in the virtual network:
68
+
To help ensure proper functionality and healthy state for your VPN gateway, consider one of the following DNS configurations in the VNet:
69
69
70
-
* Revert to the Azure DNS default by removing the custom DNS within the virtual network settings (recommended configuration).
70
+
* Revert to the Azure DNS default by removing the custom DNS within the VNet settings (recommended configuration).
71
71
* Add in your custom DNS configuration a DNS forwarder that points to Azure DNS (168.63.129.16). Considering the specific rules and nature of your custom DNS, this setup might not resolve the issue as expected.
72
72
73
73
### Can two VPN clients connected in point-to-site to the same VPN gateway communicate?
@@ -300,7 +300,7 @@ Yes, RADIUS authentication is supported for both IKEv2 and SSTP VPN.
300
300
301
301
RADIUS authentication is supported for the OpenVPN protocol.
302
302
303
-
## <aname="V2VMulti"></a>Network-to-network and multi-site connections
303
+
## <aname="V2VMulti"></a>VNet-to-VNet and multi-site connections
0 commit comments