Express route IPSEC termination
Hello All,
We will be building an Express route for our traffic from on-prem to Azure VNETs.
We want all this traffic to be encrypted. We have a FW on-prem.
On the Azure side, do we have to rely on Azure VPN GW, or can we use another vendor device like a Palo Alto FW inside the Azure VNET?
Also, if Azure VGW is the only option, how many tunnels can be terminated on it? Is there any limit?
1 Reply
- michaelelleby123 (Copper Contributor)
Microsoft describes this exact scenario at https://docs.microsoft.com/en-us/azure/expressroute/site-to-site-vpn-over-microsoft-peering: "VPN tunnels over Microsoft peering can be terminated either using VPN gateway, or using an appropriate Network Virtual Appliance (NVA) available through Azure Marketplace". I have successfully used a Cisco NVA for terminating end-to-end VPN between on-premises and Azure VNETs, for a client. So the answer is: yes, you can use a third-party NVA to establish end-to-end VPN over Express Route.