local network gateway vs virtual network gateway

Question

Hi

I'm trying to set up a VPN in an Azure virtual network but I can't find anything on the differences between a local network gateway and a virtual network gateway. The only difference I can find is in the store description. The virtual network gateway seems to says that 99.9% SLA and ExpressRoute is supported while the local one doesn't mention this. Is this the only difference between the two? I want to use one of these gateways for connecting multiple pfSense boxes in physical locations to the Azure network via OpenVPN.

Thanks in advance 

---

Abdullah Seba

Answer 1

Hi, 

VPN gateway is the one which is forms the tunnel to your On-Prem device. 

Local Network gateway is used to teach the VPN gateway whom you want to connect and what is the peer IP address ranges. 

Hope this helps. 

Regards, 

Msrini

Answer 2

Please let me know, is Local Network Gateway required for all on-prem network connections like Site-to-Site, Point-to-Site and VNet-to-VNet?

Moreover, please suggest me a link, showing a connection diagram of Subnet, Gateway Subnet, Virtual Network, Local Network Gateway and Virtual Network Gateway in Azure.

Best Regards

MrGNS

---

InTechSys

Answer 3

Unless you are using an NVA, a Local Network Gateway is required for a P2S and S2S Connection. You can find reference architectures for Azure Networking Here. 

Answer 4

There can be various scenarios for P2S and S2S. I read some articles for virtual network gateway and local network gateway. I have seen and read some scenarios.

Sometimes virtual network gateway was required only one side, in some cases virtual network gateway was both side and in some cases one side is virtual network gateway and another side is local gateway network.

At the end, I believe, I get puzzled. Please be kind and let me know, in which scenarios, virtual network gateway is required and in which scenario local network gateway is required?

---

InTechSys

Answer 5

Please let me know about one scenario.

An organization’s DC and AD (Windows Server 2016) setup and configured at Azure.

Now the IT executive of the organization has to join organization’s desktop computers to the DC setup at Azure. I believe this is S2S. Are both (virtual network gateway and local network gateway) required here? If yes, at which end? Please assist me to understand this scenario.

---

InTechSys

Answer 6

In Azure, a Virtual Network Gateway is only required when you are using Azure's native P2S VPN, S2S VPN, or an ExpressRoute. 

A Local Network Gateway is part of a Virtual Network Gateway, and is used to describe connected address spaces for routing.

If you are not using Azure's versions of these services and are using an NVA, you will not need a VNET Gateway, or a Local Network Gateway. 

In the Scenario that you describe with the DC and AD in Azure, you will need a S2S VPN between the Azure VNET and your on-prem environment. If you are using Azure's Native S2S VPN to connect to you on-premise, you should review your on-prem's VPN Device configuration guidance from either this list of validated configurations in Azure, or your VPN Device manufacturer's Azure specific configuration guidance. You will find instructions on how exactly to configure the VPN and best practices to use there.