Configuring Azure virtual network gateway

To configure the virtual network gateway, follow the given steps:

  1. First, we need to deploy the virtual network gateway. To do so, we click Add in our resource group and search for virtual network gateway in the Azure Marketplace:
  1. After moving to the next blade, you need to configure your gateway as follows:
    • Name: Set the name of the virtual network gateway.
    • Gateway type: You need to choose between VPN and ExpressRoute. In our case we choose VPN.
    • VPN type: Now you need to decide between Route-based and Policy-based. It is recommended to use Route-based if possible.
    • SKU: Choose your gateway size. You can also enable active/active mode.
    • Virtual network: Connect the virtual network gateway to a specific virtual network. 
    • Public IP address: Create a public IP for the gateway. You can also configure BGP if necessary.
    • Subscription: Choose a subscription you want to deploy into.
    • Location: Choose an Azure region to deploy to. The region must be the same as that of the virtual network.

Which type of VPN you can use depends on your on-premises firewall. The following table shows the configuration you need to apply on your on-premises firewall.

IKE phase 1 setup:

 

IKE phase 2 setup:

 

Microsoft maintains a list of tested and supported VPN devices which can be used by customers. You can find the list of devices and more information about the VPN setup at https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/.
If you don't have any of these devices or you don't want to use a Windows server as a VPN gateway, there is also the option to use free firewall solutions such as pfSense. Bart Decker wrote a great blog about the topic. You can find the blog at http://www.hybrid-cloudblog.com/pfsense-azure-hybrid-cloud/.
  1. To finish the setup, we click Create. Now it will take around 45 minutes until our gateway is deployed.
In some cases, and with some firewalls (for example, Cisco ASA), you need to use PowerShell to reconfigure the VPN policies to match the vendor-specific configuration. The PowerShell commands can be found at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell#a-name-paramsapart-2---supported-cryptographic-algorithms--key-strengths.
  1. After the deployment is finished, we have created an Azure virtual network gateway with the Basic SKU. If you want to upgrade the gateway to Standard or High Performance, you only need to run the following PowerShell command against your Azure environment:
        Resize-AzureVNetGateway -GatewaySKU <gatewaysize> -VnetName <gatewayname>
  1. PowerShell command example to resize to high performance gateway:
        Resize-AzureVNetGateway -GatewaySKU HighPerformance -VnetName DCF-ANE-GW01
  1. PowerShell command example to resize to standard gateway:
        Resize-AzureVNetGateway -GatewaySKU Standard -VnetName DCF-ANE-GW01
  1. The same also works for downsizing a gateway:
        Resize-AzureVNetGateway -GatewaySKU Basic -VnetName DCF-ANE-GW01
  1. Besides the PowerShell way of resizing the gateway, Microsoft has started to include the feature in the portal GUI. To use it, navigate to the gateway and open the detail blade:
  1. Within the detail blade, go to Configuration and change the SKU. Afterwards, you need to save the new SKU. Please be aware that changing the SKU will again take up to 45 minutes:
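
For the vendor-specific VPN policy step mentioned above, the following is an added example, not taken from the original text or from Microsoft's article: it applies a custom IPsec/IKE policy to an existing site-to-site connection and refuses to push legacy algorithms. It assumes the Az PowerShell module and a Resource Manager connection; the resource group name, connection name and proposal values are constructed placeholders that must be replaced with what your on-premises device is configured to offer.

```powershell
# Hypothetical names: replace with your own resource group and connection.
$rg       = 'rg-hybrid-example'
$connName = 'conn-onprem-example'

# Constructed proposal. Both sides must agree on every value, so mirror
# the IKE phase 1 / phase 2 settings configured on the on-premises firewall.
$proposal = @{
    IkeEncryption       = 'AES256'
    IkeIntegrity        = 'SHA256'
    DhGroup             = 'DHGroup14'
    IpsecEncryption     = 'AES256'
    IpsecIntegrity      = 'SHA256'
    PfsGroup            = 'PFS2048'
    SALifeTimeSeconds   = 27000
    SADataSizeKilobytes = 102400000
}

# Guard: stop before anything is changed if the proposal contains
# legacy ciphers, hashes or DH groups, or disables PFS/encryption.
$weak = 'DES', 'DES3', 'MD5', 'SHA1', 'DHGroup1', 'DHGroup2', 'PFS1', 'PFS2', 'None'
$bad  = $proposal.GetEnumerator() |
    Where-Object { $_.Value -is [string] -and $weak -contains $_.Value }
if ($bad) {
    $list = ($bad | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ', '
    throw "Refusing to apply weak IPsec/IKE settings: $list"
}

# Build the policy object and attach it to the existing connection.
$policy = New-AzIpsecPolicy @proposal
$conn   = Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg
Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $conn `
    -IpsecPolicies $policy

# Read the connection back to confirm which policy is now in effect.
(Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg).IpsecPolicies
```

Custom IPsec/IKE policies are not supported on the Basic SKU, so a gateway created as described above has to be resized before this applies.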