msidnam
asked on
Purpose of Azure Gateway Subnet when creating a VPN
I'm starting to get my feet wet with Azure. I've been getting myself familiar with the VMs, networking, etc.
One area where I am confused is when creating a VPN, every Azure article I find has you creating a Gateway Subnet. What is the purpose of creating this when I've already created an address space and then a couple subnets within that address space? I know I must be missing something but it seems to be a waste of IPs and subnets (even if you make it a /27 or /28) when creating a Gateway Subnet.
Is it just for the VPN or something else?
ASKER
Thank you, but this seems to be straight from the other articles I've read. I'm trying to understand why the gateway subnet is needed. Is it just a bridge from the VPN connections to the address space and other subjects?
The reason I am asking is because if I like Azure I will be moving a large network to it and I want to make sure I create the address space, subnets, gateway subnets, VPNs, etc. with enough IPs since it looks like changing or moving VMs to different address spaces isn't easy.
Right now it looks like I should create an address space of something like 192.168.0.0/16. Create several /24 subnets within that range and possibly a /23 gateway subnet for VPN. But to me that seems like a waste but probably something that should be done to be safe and to make sure I don't run out of IPs.
The minimum size of your gateway subnet depends entirely on the configuration that you want to create. Although it is possible to create a gateway subnet as small as /29, we recommend that you create a gateway subnet of /28 or larger (/28, /27, /26, etc.).
Creating a larger gateway size prevents you from running up against gateway size limitations. For example, you may have created a virtual network gateway with a gateway subnet size /29 for a S2S connection. You now want to configure a S2S/ExpressRoute coexist configuration. That configuration requires a gateway subnet minimum size /28. To create your configuration, you would have to modify the gateway subnet to accommodate the minimum requirement for the connection, which is /28.
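The sizing rule quoted above can be checked against an address plan before anything is deployed. The following is an added example, not part of the original thread: the function names, the configuration keys and the choice to carve the gateway subnet from the top of the address space are assumptions, and the five reserved addresses per subnet are general Azure behaviour rather than something stated on this page.

```python
import ipaddress

# Largest prefix length (smallest subnet) allowed per configuration,
# taken from the answer above: /29 is possible, S2S/ExpressRoute coexist needs /28.
MIN_PREFIX = {"s2s": 29, "s2s_expressroute_coexist": 28}
AZURE_RESERVED = 5  # Azure reserves 5 addresses in every subnet (not from this page)


def last_block(address_space, prefixlen):
    """Return the highest block of the given size, keeping the gateway
    subnet away from workload subnets allocated from the bottom up."""
    space = ipaddress.ip_network(address_space)
    return str(list(space.subnets(new_prefix=prefixlen))[-1])


def usable_addresses(subnet):
    """Addresses left for gateway instances after Azure's reservations."""
    return ipaddress.ip_network(subnet).num_addresses - AZURE_RESERVED


def check_gateway_subnet(address_space, workload_subnets, gateway_subnet, config):
    """Return a list of problems with the planned gateway subnet (empty = OK)."""
    space = ipaddress.ip_network(address_space)
    gw = ipaddress.ip_network(gateway_subnet)
    problems = []
    if not gw.subnet_of(space):
        problems.append(f"{gw} is outside address space {space}")
    for net in map(ipaddress.ip_network, workload_subnets):
        if gw.overlaps(net):
            problems.append(f"{gw} overlaps workload subnet {net}")
    if gw.prefixlen > MIN_PREFIX[config]:
        problems.append(
            f"{gw} is smaller than /{MIN_PREFIX[config]} required for {config}")
    return problems


if __name__ == "__main__":
    # Constructed plan based on the numbers in the question.
    space = "192.168.0.0/16"
    workloads = ["192.168.0.0/24", "192.168.1.0/24"]
    for candidate in (last_block(space, 29), last_block(space, 27), "192.168.0.0/23"):
        issues = check_gateway_subnet(space, workloads, candidate,
                                      "s2s_expressroute_coexist")
        print(candidate, usable_addresses(candidate), issues or "OK")
```

For the plan in the question, a /27 at the top of the /16 passes the coexist check and leaves 27 usable addresses, while a /23 sets aside 507.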