Virtual Network Gateway
To process incoming VPN connections, we need to add a Virtual Network Gateway to our virtual network. There are two types of virtual network gateways: route-based and policy-based. The policy-based gateway came earlier and is known to work nicely with the somewhat old Cisco ASA we have.
So, go ahead and add the Virtual Network Gateway resource to our resource group.
When creating the virtual network gateway, specify the following parameters.
Setting Name | Value |
---|---|
Name | vpn-virtual-network-gateway |
Gateway type | VPN |
VPN Type | Policy-Based |
SKU | Basic |
Generation | Generation1 |
Virtual Network | vnet-azure-proxy |
Gateway subnet address range | 10.2.1.0/24 |
Public IP Address | vpn-public-ip |
For your reference, here is the screenshot of the review page just before creation.
Note that the wizard added one more subnet, with the predefined name GatewaySubnet and the address range 10.2.1.0/24, to our virtual network; this subnet will later be used only by the Virtual Network Gateway. More information can be found in this article.