May 15, 2024

AZ-104: VPN Gateways? Types of VPN? Policy-based VPNs? Route-based VPNs?



Published June 19, 2023, 5:20 p.m. by Liam Bradley





Hey guys, welcome back to my YouTube channel. Today in this video we are going to learn about Azure VPN Gateway fundamentals, in which there are four topics we are going to cover. The first one is what VPN gateways are and the types of VPNs; apart from this we have policy-based VPN and route-based VPN. I hope this video will be informative, because these are very, very important things and subjects, so I would suggest you make notes, guys. Don't take things lightly. It is up to you; my job is just to tell you.

So what we are going to see is Azure VPN Gateway fundamentals. First of all, let me tell you a few things. I will take one highlighter.

So guys, VPNs use an encrypted tunnel. For example, this is your cloud and this is your on-premises infra. If you make connectivity by VPN, they will use an encrypted channel; they will create a channel here, and that will be encrypted. They are typically deployed to connect two or more trusted private networks to one another over an untrusted network, typically the public internet, and traffic is encrypted while traveling over the untrusted network to prevent any other attack. So this is the very simple scenario about VPN: data will be traveling through tunnels and that will be encrypted, so attacks and hacking are not possible, and it will be traveling over an untrusted network, which is the internet. That is why it will encrypt your data, or it is using a channel, so your data, your communication, your information should be protected.

Apart from this, for example, let's see for our ABCD Trader scenario: a VPN can enable branches or branch offices to share sensitive information between locations. For example, let's say that your offices in the East Coast region of North America need to access your company's private customer data, which is stored on servers that are physically located in the West Coast region. So you have the East Coast here and this is your West Coast, so you have two locations. Now you want that data to be available for both locations, or, for example, this is your East and you want to access data in the West. For this you can use a VPN. Very simple: a VPN can connect your East Coast offices to your West Coast servers, allowing your company to securely access your private customer data. That is why it is used. Okay guys, very simple thing.

And let's see now what VPN gateways are. A VPN gateway is typically a virtual network gateway. Make a note of this: it is a virtual network gateway. Basically, Azure VPN Gateway instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity. Let's see.

The very first one is: connect on-premises data centers to virtual networks through a site-to-site connection. The next one: connect individual devices to virtual networks through a point-to-site connection. You saw here one is site-to-site and the next one is point-to-site connection. Okay guys, so here you can see what is mentioned: connect on-premises data centers to virtual networks through a site-to-site connection. And what about the next one? Connect individual devices to virtual networks through a point-to-site connection; it is a point-to-site connection and it is using devices. Next one: connect virtual networks to other virtual networks through a network-to-network connection. You saw three things here we are talking about: the very first one, on-premises to virtual network; the next one, devices to virtual network; and the next one is connect a virtual network to another virtual network through a network-to-network connection. So we have three kinds of connectivity here. Okay guys.

You can see here, for example, we have one VPN gateway here. This is your VPN gateway, you can see, and you have one range here, or network; it is your virtual network one, East US. And on this side you can see the on-premises local site, and it is also having some IP addresses. You are using a VPN gateway, so it has created one tunnel; you can see this tunnel. It is having one IP address also, a VPN virtual IP address basically, and it is using some sort of encryption algorithm. So this is a very simple scenario about VPN Gateway.

So this VPN gateway provides you three types of security... connectivity, sorry, not security. Yes, security is there inside this connection. The very first one is site-to-site, the next one is point-to-site, and the third one is network-to-network connection.

Apart from this, all data transfer is encrypted inside a private tunnel; so this is your private tunnel, and data is encrypted as it crosses the internet. You can deploy only one VPN gateway in each virtual network. You can see here we have one virtual network one and we have deployed one VPN gateway, but you can use one gateway to connect to multiple locations. So you can have one more location this side, you can have one more location this side, which includes other virtual networks or on-premises data centers. So you can have multiple on-premises data centers on this side, but you will have to use only one VPN gateway. Very simple, guys. Let me move to the next one.

The next one is: when you deploy a VPN gateway, you specify the VPN type, either policy-based or route-based, so you have to select one of these two. Guys, let me go back and I will show you something; this one I wanted to show. What we have learned so far: one is VPN Gateway, what a VPN gateway is, and types of VPN. Now I'm talking about these; these are the types of VPN. Only two types of VPN: one is policy-based and the next one is route-based VPN. That is what is mentioned here: when you deploy a VPN gateway, you specify the VPN type, either policy-based or route-based.

The main difference between these two types of VPN is how the traffic to be encrypted is specified. So you should make a note of the difference, guys: the difference between these two types is just simply how data is encrypted. Very simple. In Azure, both types of VPN gateway use a pre-shared key as the only method of authentication, so both types of VPN, policy-based or route-based, will be using a pre-shared key for authentication. Both types also rely on Internet Key Exchange, which is also known as IKE, in either version 1 or version 2, and Internet Protocol Security, IPsec, as well, guys. So the same thing you can see here: it is IP Security and Internet Key Exchange.

Apart from this, Internet Key Exchange is used to set up a security association, which is like an agreement of the encryption between two endpoints. So you can see everything has a certain role. What is the role of IKE? It is used to set up a security association, and a security association is nothing but an agreement between two endpoints on how to encrypt data. Okay guys, the next one is: this association is then passed to the IP security suite, which encrypts and decrypts data packets encapsulated in the VPN channel.

So we'll see now what policy-based VPN is; this is the first type of VPN.

So guys, policy-based VPN gateways specify statically the IP addresses of packets that should be encrypted through each tunnel, and this type of device evaluates every packet against those sets of IP addresses to choose the tunnel where the packet is going to be sent through. So we can create multiple policies here. Let's see the next one.

The key features of policy-based VPN gateways in Azure include: support for IKE version 1 only; next one, use of static routing, where combinations of address prefixes from both networks control how traffic is encrypted and decrypted through the VPN tunnel, and the source and destination of the tunneled networks are declared in the policy and don't need to be declared in routing tables. Apart from this, policy-based VPNs must be used in specific scenarios that require them, such as for compatibility with legacy on-premises VPN devices.

So this was all about policy-based VPN. Now let's talk about route-based VPN. If defining which IP addresses are behind each tunnel is too... circum... what is this... cumbersome, cumbersome, okay, it's too cumbersome, route-based gateways can be used. With route-based gateways, IP security tunnels are modeled as a network interface or virtual tunnel interface. IP routing, either static or dynamic IP routing, or routing protocols, decides which one of these tunnel interfaces to use when sending each packet. And route-based VPNs are the preferred connection method for on-premises devices. So if we have on-premises devices we should use route-based only, to tell which interface we use to communicate with this particular on-premises infra. Okay guys, apart from this, IP routing can be either static or a dynamic routing protocol; we can use either for this. This one is much preferable. Apart from this, they are more resilient to topology changes such as the creation of new subnets.

Apart from this, use a route-based VPN gateway if you need any of the following types of connectivity: connections between virtual networks, point-to-site connections, multi-site connections, and coexistence with Azure ExpressRoute gateways. In those conditions you should use route-based VPN only; that is why I am telling you it is a more preferable VPN gateway.

And key features of route-based VPN gateways in Azure include: it supports IKE version 2; it uses any-to-any (wildcard) traffic selectors; it can use dynamic routing protocols, where routing and forwarding tables direct traffic to different IP security tunnels. In this case, the source and destination networks are not statically defined as they are in policy-based VPNs or even in route-based VPNs with static routing. Instead, data packets are encrypted based on network routing tables that are created dynamically using routing protocols such as Border Gateway Protocol.

So guys, I'm done with this. I just wanted to discuss this information, and if you feel it is informative, what you have to do is see on screen. In the next video I will meet you with the next topic in the same, which is next to this, I mean virtual network, okay, the next topic. So till then, bye.
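
The tunnel-selection difference described in the transcript, as an added example that is not part of the video: a policy-based gateway matches each packet against static prefix pairs, while a route-based gateway does a routing lookup on the destination to pick a tunnel interface. All addresses, tunnel names and function names are constructed for illustration, and the dynamically learned route is simulated by appending to a list.

```python
import ipaddress

# Constructed sample topology (assumed addresses, not taken from the video).
POLICIES = [  # policy-based: static (local prefix, remote prefix, tunnel)
    ("10.1.0.0/16", "10.10.0.0/16", "tunnel-siteA"),
    ("10.1.0.0/16", "10.20.0.0/16", "tunnel-siteB"),
]
ROUTES = [  # route-based: destination prefix -> tunnel interface
    ("10.10.0.0/16", "vti-siteA"),
    ("10.20.0.0/16", "vti-siteB"),
]

def policy_based_select(policies, src, dst):
    """Check the packet against every static prefix pair; first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote, tunnel in policies:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return tunnel
    return None  # no policy covers this packet, so no tunnel carries it

def route_based_select(routes, dst):
    """Longest-prefix match on the destination only (any-to-any selectors)."""
    d = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in routes
               if d in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def new_subnet_demo():
    """A new subnet 10.30.5.0/24 appears behind site B."""
    src, dst = "10.1.2.4", "10.30.5.9"
    before = (policy_based_select(POLICIES, src, dst),
              route_based_select(ROUTES, dst))
    # Route-based with dynamic routing: the peer advertises the prefix
    # (simulated here by appending the learned route).
    learned = ROUTES + [("10.30.5.0/24", "vti-siteB")]
    # Policy-based: someone has to add the prefix pair by hand.
    edited = POLICIES + [("10.1.0.0/16", "10.30.5.0/24", "tunnel-siteB")]
    after = (policy_based_select(edited, src, dst),
             route_based_select(learned, dst))
    return before, after

if __name__ == "__main__":
    print(policy_based_select(POLICIES, "10.1.2.4", "10.20.7.7"))
    print(new_subnet_demo())
```

Until the new prefix is either learned as a route or added to a policy, neither model maps the packet to a tunnel; the difference is whether that update happens through routing or through a manual policy change.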
