description: Learn about VPN Gateway topologies and designs you can use to connect on-premises locations to virtual networks.
4
4
author: cherylmc
5
5
ms.service: vpn-gateway
6
-
ms.topic: article
7
-
ms.date: 05/15/2024
6
+
ms.topic: concept-article
7
+
ms.date: 07/30/2024
8
8
ms.author: cherylmc
9
9
10
10
---
11
11
# VPN Gateway topology and design
12
12
13
-
There are many different configuration options available for VPN Gateway connections. Use the diagrams and descriptions in the following sections to help you select the connection topology that meets your requirements. The diagrams show the main baseline topologies, but it's possible to build more complex configurations using the diagrams as guidelines.
13
+
There are many different configuration options available for VPN Gateway connections. To help you select the connection topology that meets your requirements, use the diagrams and descriptions in the following sections. The diagrams show the main baseline topologies, but it's possible to build more complex configurations using the diagrams as guidelines.
14
14
15
15
## <aname="s2smulti"></a>Site-to-site VPN
16
16
17
-
A site-to-site (S2S) VPN gateway connection is a connection over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. Site-to-site connections can be used for cross-premises and hybrid configurations. A site-to-site connection requires a VPN device located on-premises that has a public IP address assigned to it. For information about selecting a VPN device, see the [VPN Gateway FAQ - VPN devices](vpn-gateway-vpn-faq.md#s2s).
17
+
A site-to-site (S2S) VPN gateway connection is a connection over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. Site-to-site connections can be used for cross-premises and hybrid configurations. A site-to-site connection requires a VPN device located on-premises that has a public IP address assigned to it.
VPN Gateway can be configured in active-standby mode using one public IP or in active-active mode using two public IPs. In active-standby mode, one IPsec tunnel is active and the other tunnel is in standby. In this setup, traffic flows through the active tunnel, and if some issue happens with this tunnel, the traffic switches over to the standby tunnel. Setting up VPN Gateway in active-active mode is *recommended* in which both the IPsec tunnels are simultaneously active, with data flowing through both tunnels at the same time. Another advantage of active-active mode is that customers experience higher throughputs.
22
-
23
-
You can create more than one VPN connection from your virtual network gateway, typically connecting to multiple on-premises sites. When working with multiple connections, you must use a RouteBased VPN type (known as a dynamic gateway when working with classic VNets). Because each virtual network can only have one VPN gateway, all connections through the gateway share the available bandwidth. This type of connection is sometimes referred to as a "multi-site" connection.
21
+
You can create more than one VPN connection from your virtual network gateway, typically connecting to multiple on-premises sites. When working with multiple connections, you must use a RouteBased VPN type. Because each virtual network can only have one VPN gateway, all connections through the gateway share the available bandwidth. This type of connectivity design is sometimes referred to as *multi-site*.
24
22
25
23
:::image type="content" source="./media/design/multi-site.png" alt-text="Diagram of site-to-site VPN Gateway cross-premises connections with multiple sites." lightbox="./media/design/multi-site.png":::
26
24
25
+
If you want to create a design for highly available gateway connectivity, you can configure your gateway to be in active-active mode. This mode lets you configure two active tunnels (one from each gateway virtual machine instance) to the same VPN device to create highly available connectivity. In addition to being a highly available connectivity design, another advantage of active-active mode is that customers experience higher throughputs.
26
+
27
+
* For information about selecting a VPN device, see the [VPN Gateway FAQ - VPN devices](vpn-gateway-vpn-faq.md#s2s).
28
+
* For information about highly available connections, see [Designing highly available connections](vpn-gateway-highlyavailable.md).
29
+
* For information about active-active mode, see [About active-active mode gateways](about-active-active-gateways.md).
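Review bot: The added paragraph at new line 25 repeats, almost word for word, the closing sentence of the paragraph that begins "VPN Gateway can be configured in active-standby mode" ("another advantage of active-active mode is that customers experience higher throughputs"). If that earlier paragraph stays, drop the sentence from one of the two. If it is being removed, carry over its statements that active-active mode uses two public IPs and is the recommended mode, because neither the new paragraph nor the three added bullets says so. The opening "In addition to being a highly available connectivity design, another advantage" is also redundant; "Active-active mode also provides higher throughput" reads more cleanly. While new line 17 is being touched, "is a connection over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel" is missing an article ("over an IPsec/IKE ... VPN tunnel").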
## <aname="highly-available"></a>Highly available connections
81
+
## Highly available connections
78
82
79
-
For planning and design for highly available connections, see [Highly available connections](vpn-gateway-highlyavailable.md).
83
+
For planning and designing highly available connections, including active-active mode configurations, see [Design highly available gateway connectivity for cross-premises and VNet-to-VNet connections](vpn-gateway-highlyavailable.md).
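Review bot: Dropping the explicit `highly-available` anchor from the heading at new line 81 changes the section's fragment to the one auto-generated from the heading text, so any existing link that targets `#highly-available` on this article will no longer land on the section. Search the repo for inbound links to that fragment and update them in this change, or keep the anchor. The "Site-to-site VPN" heading in the same file still carries its `s2smulti` anchor, so the file now mixes both styles. The new link text at line 83 is also long for an inline reference; confirm that it matches the current title of vpn-gateway-highlyavailable.md so the two do not drift apart.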
| Classic (legacy deployment model)|[Tutorial*](../articles/vpn-gateway/vpn-gateway-howto-vnet-vnet-portal-classic.md)|Supported | Not Supported|
13
-
| Connections between Resource Manager and Classic (legacy) deployment models|[Tutorial*](../articles/vpn-gateway/vpn-gateway-connect-different-deployment-models-portal.md)|[Tutorial](../articles/vpn-gateway/vpn-gateway-connect-different-deployment-models-powershell.md)| Not Supported |
14
12
15
-
(+) denotes this deployment method is available only for VNets in the same subscription.<br>
16
-
(*) denotes that this deployment method also requires PowerShell.
13
+
(+) Denotes this deployment method is available only for VNets in the same subscription.
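Review bot: The footnote "(*) denotes that this deployment method also requires PowerShell" is removed, but the remaining "Classic (legacy deployment model)" row still links as `[Tutorial*]`, which leaves the asterisk in the table with no explanation. Either keep the (*) footnote under the table or remove the asterisk from that row's link text. Please also confirm that dropping the "Connections between Resource Manager and Classic (legacy) deployment models" row is intended, since the visible lines do not show where readers are now pointed for that scenario.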