Connect Azure Virtual Network to On-Premises Network with Site-to-Site VPN | Exam AZ-104 Microsoft Azure Administrator

Connect VNet1 to On-Premises Network with Site-to-Site VPN

Question

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.

You plan to prepare the environment for automatic failover in case of ExpressRoute failure.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations

A. B. C. D. E.

ADE

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

To connect VNet1 to the on-premises network by using a site-to-site VPN and minimize cost, you should perform the following three actions:

A. Create a connection: To create a site-to-site VPN connection, you need to create a connection object in Azure that represents the VPN connection between Azure and your on-premises network. This can be done in the Azure portal by navigating to the virtual network gateway for VNet1 and clicking on "Connections" and then "Add". In the "Add connection" blade, you will need to specify the connection type as "Site-to-site (IPsec)" and specify the details for the local network gateway (see next step).

B. Create a local site VPN gateway: To create a site-to-site VPN connection, you need to specify the details of your on-premises network by creating a local network gateway in Azure. This can be done in the Azure portal by navigating to the local network gateway page and clicking on "Add". In the "Add local network gateway" blade, you will need to specify the details of your on-premises network, such as the public IP address of your VPN device and the address space for your on-premises network.

C. Create a VPN gateway that uses the Basic SKU: To minimize cost, you should create a VPN gateway that uses the Basic SKU. This SKU is less expensive than the VpnGw1 SKU, but it has lower performance and fewer features. You can create a VPN gateway in the Azure portal by navigating to the virtual network gateway for VNet1 and clicking on "Create gateway". In the "Create virtual network gateway" blade, you will need to specify the SKU as "Basic".

D. Optionally, create a gateway subnet: When you create a VPN gateway, you can optionally create a separate subnet in your virtual network to host the VPN gateway resources. This is called the gateway subnet. Creating a gateway subnet is recommended, as it provides a dedicated subnet for your VPN gateway resources and helps avoid IP address conflicts. You can create a gateway subnet in the Azure portal by navigating to the virtual network for VNet1 and clicking on "Subnets". Then click on "Add" and specify the subnet details.

E. Do not create a VPN gateway that uses the VpnGw1 SKU: The VpnGw1 SKU is more expensive than the Basic SKU, so creating a VPN gateway that uses this SKU would not minimize cost. Additionally, the VpnGw1 SKU is designed for high-performance VPN scenarios, such as connecting to large-scale virtual networks or high-volume traffic scenarios, which may not be necessary for your site-to-site VPN setup.