Connect Azure Virtual Network to On-Premises Network using Site-to-Site VPN

D

To connect VNet1 to the on-premises network by using a site-to-site VPN while minimizing cost, you need to perform the following three actions:

A. Create a VPN gateway that uses the VpnGw1 SKU: You need to create a VPN gateway in Azure that can handle the site-to-site VPN connection. The VpnGw1 SKU is the most cost-effective option that supports site-to-site VPN connectivity. This SKU is suitable for small to medium-sized organizations that need VPN connectivity with low to medium throughput requirements.

B. Create a connection: Once the VPN gateway is created, you need to create a connection to the on-premises network. This connection will allow traffic to flow between the Azure VNet and the on-premises network over the VPN tunnel.

C. Create a local site VPN gateway: You also need to create a local site VPN gateway on the on-premises network to connect to the Azure VPN gateway. The local site VPN gateway is a virtual device that represents the on-premises VPN device. It is used to authenticate and establish a secure connection between the on-premises network and the Azure VPN gateway.

Optional steps for the above setup:

D. Create a gateway subnet: The Azure VPN gateway needs a dedicated subnet to operate. Therefore, you need to create a gateway subnet in the VNet that will host the VPN gateway.

E. Create a VPN gateway that uses the Basic SKU: The Basic SKU is cheaper than the VpnGw1 SKU but has limited features and lower performance. This option is suitable for organizations with low VPN throughput requirements or those who want to try out VPN connectivity without incurring high costs. However, as the requirement is to use ExpressRoute along with Site-to-Site VPN, it is not applicable in this case.