Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Purpose of Azure Gateway Subnet when creating a VPN

Posted on 2016-10-29
3
Medium Priority
?
974 Views
Last Modified: 2016-11-12
I'm starting to get my feet wet with Azure. I've been getting myself familiar with the VM's, networking, etc.

One area where I am confused is when creating a VPN, every Azure article i find has you creating a Gateway Subnet. What is the purpose of creating this when I've already created an address space and then a couple subnets within that address space? I know i must be missing something but it seems to be a waste of IP's and subnets (even if you make it a /27 or /28) when creating a Gateway Subnet.

Is it just for the VPN or something else?
0
Comment
Question by:msidnam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Expert Comment

by:No More
ID: 41865208
To configure a virtual network gateway, you first need to create a gateway subnet for your VNet. The gateway subnet must be named GatewaySubnet to work properly. This name lets Azure know that this subnet should be used for the gateway.

The minimum size of your gateway subnet depends entirely on the configuration that you want to create. Although it is possible to create a gateway subnet as small as /29, we recommend that you create a gateway subnet of /28 or larger (/28, /27, /26, etc.).

Creating a larger gateway size prevents you from running up against gateway size limitations. For example, you may have created a virtual network gateway with a gateway subnet size /29 for a S2S connection. You now want to configure a S2S/ExpressRoute coexist configuration. That configuration requires a gateway subnet minimum size /28. To create your configuration, you would have to modify the gateway subnet to accommodate the minimum requirement for the connection, which is /28.
0
 
LVL 2

Author Comment

by:msidnam
ID: 41865224
Thank you, but this seems to be straight from the other articles I've read. I'm trying to understand why the gateway subnet is needed. Is it just a bridge from the VPN connections to the address space and other subjects?

The reason I am asking is because if I like azure I will be moving a large network to it and I want to make sure I create the address space, subnets, gateway sinners, VPNs, etc with enough IPs since it looks like changing or moving VMs to different address spaces isn't easy.

Right now it looks like I should create an address space of something like 192.168.0.0/16. Create several /24 subnets within that range and possible a /23 gateway subnet for VPN. But to me that seems like a waste but probably something that should be done to be safe and to make sure I don't run out of IPs.
0
 
LVL 7

Accepted Solution

by:
No More earned 2000 total points
ID: 41865237
Is cloud environment it doesn't matter if you waste IP address spaces

It's all about security and routing between subnets

You can always contact support and they will help you, in case you run in problems or you are not sure about anything
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
Optimized for private cloud infrastructures and datacenters, Nano Server is minimalistic, yet super-efficient, OS for services such as Hyper-V and Hyper-V cluster. Learn how you can easily deploy Nano Server and unlock its power!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question