VPN IPsec between Azure and On-Prem

Jérôme 21 Reputation points
2022-10-23T10:52:32.027+00:00

Hello,

I would like to connect our Azure infrastructure with our local sites via IPsec VPN. On Azure, I use a Palo Alto firewall.

What is the recommended/best configuration:
1/ Configure the Azure VPN Gateway to establish the IPsec VPN tunnel between the Azure VPN Gateway and our firewall hosted on-prem?
2/ Or create the IPsec VPN tunnel directly between the Palo Alto on Azure (on the interface connected to the public zone) and our on-prem firewall?

And regarding the cost, in both cases, we will pay for the traffic in/out inside the tunnel? The only difference is that if we use the Azure VPN Gateway (choice 1), we will also pay for this appliance (~30€/month up 24h/24h).

BR
Jerome


1 answer

  1. msrini-MSFT 9,281 Reputation points Microsoft Employee
    2022-10-23T15:17:29.057+00:00

    Hi,

    I would suggest you go with the Azure VPN-based solution, as it comes with high availability and Microsoft manages this gateway, which includes patching, upgrades, etc.

    From the cost perspective, traffic in and out is paid for in both cases. If you use the appliance, then you will not require the VPN gateway. Similarly, if you don't use the VPN, you will be using the PA appliance, for which you will be paying the VM per-hour cost.

    Regards,
    Karthik Srinivas

