Skip to main content

Create Azure Virtual Network Gateway with Basic SKU Using PowerShell

Why Do You Need a Virtual Network Gateway?

A Virtual Network Gateway is essential for establishing secure connectivity between your on-premises network and Azure Virtual Network (VNet). It acts as the VPN endpoint in Azure, encrypting traffic using IPsec/IKE tunnels. Without it, you cannot create a secure VPN tunnel to Azure.

Why Use the Basic SKU?

  • Cost-Effective: The Basic SKU is the most affordable option, making it ideal for test, dev, or non-production environments.
  • Quick Deployment: Unlike higher SKUs that can take 30–45 minutes, the Basic SKU typically deploys in only 7–10 minutes.
  • Sufficient for Small Workloads: Supports basic VPN connectivity without advanced features like BGP or high throughput.
Note: The Basic SKU is no longer available in the Azure Portal UI, but you can still deploy it using PowerShell or Azure CLI.

PowerShell Script to Deploy Basic SKU VPN Gateway

Here’s how to create a Virtual Network Gateway with Basic SKU in an existing VNet that already has a GatewaySubnet:
# Variables
$rg          = "rg-azxx-org-vpn"
$vnetName    = "vnet-azxx-org-vpn"
$gwName      = "vng-azxx-org-vpn"
$pipName     = "pip-vng-azxx-org-vpn"

# Resolve location from the existing resource group
$location = (Get-AzResourceGroup -Name $rg).Location

# Get existing VNet and GatewaySubnet
$vnet     = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

# Create the required Public IP (Basic + Dynamic for Basic SKU gateways)
$pip = New-AzPublicIpAddress -Name $pipName -ResourceGroupName $rg -Location $location `
       -Sku Basic -AllocationMethod Dynamic

# Build the gateway IP configuration (binds GatewaySubnet + Public IP)
$ipcfg = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconfig1" `
         -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id

# Create the VPN Gateway (Basic SKU). Use RouteBased unless you specifically need PolicyBased.
New-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg -Location $location `
  -IpConfigurations $ipcfg -GatewayType Vpn -VpnType RouteBased -GatewaySku Basic

Key Points

  • Ensure your VNet has a GatewaySubnet (required for the gateway).
  • The Public IP must be Basic SKU and Dynamic allocation.
  • Use RouteBased VPN type unless you have a specific need for PolicyBased.

Summary

The Basic SKU Virtual Network Gateway is a budget-friendly and fast-to-deploy option for test or non-production environments. While it lacks advanced features, it’s perfect for simple VPN connectivity scenarios.

Labels:

Comments

Post a Comment

Popular posts from this blog

Workload Protection with Microsoft Defender for Cloud

‘ Microsoft Defender for Cloud’ (previously known as Azure Security Center and Azure Defender) is a tool that strengthen your Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP) . It protects your workload running in Azure, hybrid, or any other cloud platforms. In this blogpost, we will mainly focus on Cloud Workload Protection (CWP), which are typically agent-based workload-centric security protection solutions along with below topics. 1.                           Enable ‘ Microsoft Defender for Cloud ’ on your subscriptions 2.                           Enable Enhanced security features 3.                           Workload Protection a.       Dashboard coverage b. ...
Post a Comment
Read more

Securing Azure Virtual Desktop

Introduction Azure Virtual Desktop (AVD) offers a powerful and flexible solution for delivering virtualized desktops and applications. However, like any cloud-based service, AVD requires robust cybersecurity measures to protect sensitive data and ensure business continuity. This post explores key cybersecurity best practices, security features, and strategies for securing your AVD environment. Understanding the Threat Landscape Before diving into specific security measures, it's crucial to understand the potential threats targeting AVD environments. These include: Malware:  Viruses, ransomware, and other malicious software can compromise virtual desktops and steal data. Phishing:  Attackers may use phishing emails or websites to trick users into revealing their credentials. Brute-force attacks:  Attackers may attempt to guess user passwords through automated attacks. Insider threats:  Malicious or negligent employees ca...
Post a Comment
Read more

The Beginner's Guide to Understand AI in 2025

Artificial Intelligence (AI) is reshaping the world at an unprecedented pace. In 2025, AI is not just a buzzword—it's a core technology that impacts everything from business and health to how we work, shop, and communicate. If you’re new to AI, this guide is for you. Here’s a simple, structured introduction to what AI is, how it works, and how you can make sense of its impact on our daily lives. What Is Artificial Intelligence? AI refers to machines or computer systems that mimic human intelligence. This includes learning from data, understanding language, recognizing images, making decisions, and even generating creative content. Think of AI as the “brains” powering smart assistants like Siri, recommending videos on YouTube, or detecting fraud in your online banking. Types of AI Narrow AI: Performs specific tasks (e.g., voice assistants, image recognition). This is what most AI in 2025 is. General AI: Theoretical machines with human-like cognition across any task. We’re not ther...
Post a Comment
Read more

Contact Form

Name

Email *

Message *