Manage a public IP address with a VPN gateway
Public IP addresses are available in two SKUs; standard, and basic. The selection of SKU determines the features of the IP address. The SKU determines the resources that the IP address can be associated with.
A VPN gateway is a virtual network gateway used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. A VPN gateway requires a public IP address for its configuration. A public IP address is used as the external connection point of the VPN.
VPN gateway supports standard and basic SKU public IP addresses depending on the SKU of the VPN gateway. Public IP prefixes aren't supported.
In this article, you learn how to create a VPN gateway using an existing public IP in your subscription.
Prerequisites
- An Azure account with an active subscription. Create one for free.
- One standard SKU public IP address in your subscription. The IP address can't be associated with any resources. For more information on creating a standard SKU public IP address, see Create a public IP address using the Azure portal.
- For the purposes of the examples in this article, name the new public IP addresses myStandardPublicIP.
Create VPN gateway using existing public IP
In this section, you create a VPN gateway. You select the IP address you created in the prerequisites as the public IP for the VPN gateway.
Create virtual network
Sign in to the Azure portal.
In the search box at the top of the portal, enter Virtual network.
In the search results, select Virtual networks.
Select + Create.
In Create virtual network, enter or select the following information.
Setting Value Project details Subscription Select your subscription. Resource group Select Create new.
Enter myResourceGroupVPN.
Select OK.Instance details Name Enter myVNet. Region Select West US 2. Select the Review + create tab, or select the blue Review + create button.
Select Create.
In the search box at the top of the portal, enter Virtual network.
In the search results, select Virtual networks.
Select myVNET in Virtual networks.
Select Subnets in Settings of myVNET.
Select + Gateway subnet.
In Add subnet, change the Subnet address range from /24 to /27.
Select Save.
Create VPN gateway
In the search box at the top of the portal, enter Virtual network gateway.
In the search results, select Virtual network gateways.
Select + Create.
In Create virtual network gateway, enter or select the following information.
Setting Value Project details Subscription Select your subscription. Instance details Name Enter myVPNGateway. Region Select West US 2. Gateway type Leave the default of VPN. VPN type Leave the default of Route-based. SKU Select VpnGw1AZ. Virtual network Select myVNet. Subnet Entry will autoselect GatewaySubnet you created earlier Public IP address Public IP address Select Use existing. Choose public IP address Select myStandardPublicIP or your public IP address Enable active-active mode Leave the default of Disabled. Configure BGP Leave the default of Disabled. Select the Review + create tab, or select the blue Review + create button.
Select Create.
Note
This is a simple deployment of a VPN gateway. For advanced configuration and setup, see Tutorial: Create and manage a VPN gateway using Azure portal.
For more information on Azure VPN Gateway, see What is VPN Gateway?
Change or remove public IP address
VPN Gateway doesn't support changing the primary public IP address after creation.
Caveats
- Public IPv6 addresses aren't supported for VPN Gateways at this time.
Next steps
In this article, you learned how to create a VPN gateway using an existing public IP address.
- To learn more about public IP addresses in Azure, see Public IP addresses.
- To learn more about VPN gateways, see What is VPN Gateway?