Hi Akhil P Sasi,
Thank you for reaching out to the Microsoft Q&A forum.
Here we would like to provide guidance on your requirements; you can follow and practice the same.
Configure the Site-to-Site VPN Tunnel
- Go to the Azure portal and create a Virtual Network Gateway.
- Set the SKU and gateway type to VPN.
- Make sure you choose a location that matches your Virtual Network.
Reference link for S2S config: https://free.blessedness.top/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Azure VPN Gateway Setup
- Create a GatewaySubnet in your VNet (minimum /27 CIDR).
- Deploy a Route-based VPN Gateway (recommended for flexibility and BGP support).
- Ensure the SKU (e.g., VpnGw1 or higher) matches your throughput and SLA needs.
Create Local Network Gateway & Shared VPN Gateway
- In the Azure portal, create a Local Network Gateway.
- Provide the public IP address of your on-premises firewall and specify the address space that your on-premises network uses.
- Navigate to the Virtual Network Gateway settings.
- Under Connections, click on Add.
- Choose the connection type as Site-to-Site (IPsec).
- Enter a shared key (make sure this matches the configuration on your on-premises VPN device); this shared key is used for IPsec tunnel authentication.
On-Premises VPN Device
- Configure your Checkpoint firewall for IPsec/IKEv2.
- Use a static public IP (no NAT) for the VPN device.
- Match the shared key and IPsec/IKE parameters with Azure settings.
You might need to use a configuration template or script for your specific device, which can be found at this reference link: https://free.blessedness.top/en-us/azure/vpn-gateway/vpn-gateway-download-vpndevicescript
Routing Best Practices
In Azure
- Use BGP if dynamic routing is needed; otherwise, configure static routes.
- For SQL connectivity, ensure the subnet where the VM resides has a route to the on-prem network via the VPN Gateway.
On-Prem
- Add routes for Azure VNet address space pointing to the VPN tunnel.
- To avoid overlapping IP ranges, plan IP addressing carefully to prevent conflicts.
Firewall Rules & Security
- On-prem: Configure your on-premises firewall to allow traffic on the necessary SQL Server ports (default is 1433).
- Azure: Enable appropriate NSGs (Network Security Groups) in Azure that permit SQL traffic.
Endpoint Configuration for SQL
- Use private IP of the SQL Server for connectivity.
- Update connection strings in the application to point to the SQL Server’s private IP or DNS name resolvable via your hybrid DNS setup.
- If latency-sensitive, consider SQL Always On or caching strategies.
Additionally
- Enable VPN Gateway diagnostics and Connection Monitor for health checks.
- For high availability, consider Active-Active VPN Gateway and redundant on-prem VPN devices. (Reference link: https://free.blessedness.top/en-us/azure/vpn-gateway/about-active-active-gateways)
- Ensure the Shared Key is strong and matches both configuration sides.
- Check the logs on both the Azure side and the on-premises side to troubleshoot any connection issues.
Hope you find this comment helpful; if yes, please “up-vote” the information provided, as this can be beneficial to community members.
Kindly let us know if you have any additional questions.
Thanks
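As an added example (not part of the answer above and not Microsoft's own code), the same portal steps expressed with the Azure CLI, preceded by two pre-flight checks the answer calls for: the GatewaySubnet is /27 or larger, and the on-premises address space does not overlap the VNet address space. The resource group, location, VNet name, address ranges, NSG name and on-premises public IP are constructed placeholders; the IPsec shared key is read from the `SHARED_KEY` environment variable rather than written into the script, and the NSG rule admits TCP 1433 only from the on-premises range.

```shell
#!/bin/sh
# Added example: Azure CLI version of the Site-to-Site steps in the answer.
# Every name, range and the on-prem public IP below is a constructed placeholder.
RG="rg-hybrid-example"          # placeholder resource group
LOCATION="eastus"               # must match the VNet's region
VNET="vnet-hub"                 # existing VNet (placeholder)
VNET_RANGE="10.10.0.0/16"       # VNet address space (placeholder)
GW_SUBNET="10.10.255.0/27"      # GatewaySubnet, /27 or larger
ONPREM_PIP="203.0.113.10"       # on-prem firewall public IP (documentation range)
ONPREM_RANGE="192.168.0.0/16"   # on-prem address space (placeholder)
NSG="nsg-sql"                   # NSG on the SQL VM's subnet (placeholder)

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# First and last address of an IPv4 CIDR block, as integers.
cidr_start() {
  ip=$(ip2int "${1%/*}"); size=$(( 1 << (32 - ${1#*/}) ))
  echo $(( ip - ip % size ))
}
cidr_end() {
  echo $(( $(cidr_start "$1") + (1 << (32 - ${1#*/})) - 1 ))
}

# Succeeds when the two CIDR blocks overlap (the conflict the answer warns about).
cidr_overlap() {
  if [ "$(cidr_start "$1")" -le "$(cidr_end "$2")" ] && \
     [ "$(cidr_start "$2")" -le "$(cidr_end "$1")" ]; then
    return 0
  fi
  return 1
}

# Succeeds when the GatewaySubnet prefix is /27 or larger (prefix length <= 27).
gateway_subnet_ok() {
  [ "${1#*/}" -le 27 ]
}

# Pre-flight: refuse an undersized GatewaySubnet or overlapping VNet/on-prem ranges.
# Usage: preflight GW_SUBNET VNET_RANGE ONPREM_RANGE
preflight() {
  gateway_subnet_ok "$1" || { echo "GatewaySubnet $1 is smaller than /27" >&2; return 1; }
  if cidr_overlap "$2" "$3"; then echo "VNet $2 overlaps on-prem $3" >&2; return 1; fi
  return 0
}

deploy_s2s() {
  : "${SHARED_KEY:?set SHARED_KEY in the environment; never hard-code the pre-shared key}"
  preflight "$GW_SUBNET" "$VNET_RANGE" "$ONPREM_RANGE" || return 1
  az network vnet subnet create -g "$RG" --vnet-name "$VNET" -n GatewaySubnet \
    --address-prefixes "$GW_SUBNET"
  az network public-ip create -g "$RG" -n pip-vpngw -l "$LOCATION" \
    --sku Standard --allocation-method Static
  # Route-based gateway on the VpnGw1 SKU; this call waits for provisioning.
  az network vnet-gateway create -g "$RG" -n vpngw-hub -l "$LOCATION" --vnet "$VNET" \
    --public-ip-address pip-vpngw --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1
  # Local Network Gateway = the on-prem firewall's public IP and its address space.
  az network local-gateway create -g "$RG" -n lng-onprem -l "$LOCATION" \
    --gateway-ip-address "$ONPREM_PIP" --local-address-prefixes "$ONPREM_RANGE"
  # Site-to-Site (IPsec) connection; the shared key must match the on-prem device.
  az network vpn-connection create -g "$RG" -n conn-onprem -l "$LOCATION" \
    --vnet-gateway1 vpngw-hub --local-gateway2 lng-onprem --shared-key "$SHARED_KEY"
  # NSG rule: SQL (TCP 1433) only from the on-prem range, not from any source.
  az network nsg rule create -g "$RG" --nsg-name "$NSG" -n AllowSqlFromOnPrem \
    --priority 200 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$ONPREM_RANGE" --destination-port-ranges 1433
}

# Deploy only when explicitly asked:  SHARED_KEY=... ./s2s.sh deploy
if [ "${1:-}" = "deploy" ]; then
  deploy_s2s
fi
```

The pre-flight functions are pure shell and run without the Azure CLI, so the overlap and subnet-size checks can be exercised before any resources are created; `deploy_s2s` only runs when the script is invoked with `deploy`, and the `az` calls require an authenticated CLI session.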