cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Express route IPSEC termination

Securitylearner
Copper Contributor

‎Dec 01 2020 12:06 PM

‎Dec 01 2020 12:06 PM

Express route IPSEC termination

Hello All ,

 

we will be building an Express route for our traffic from on -prem to Azure vnets .

 

We want all this traffic to be encrypted . We have a FW on-prem .

 

On Azure side ,  So we have to rely on Azure  VPN GW ? or we can use another vendor device like Palo Alto FW  inside Azure VNET ?

 

Also , if Azure VGW is the only option , how many tunnels can be terminated on it ? Any limit 

1,293 Views
0 Likes
1 Reply
Reply
1 Reply
michaelelleby123

‎Dec 13 2020 01:38 AM

‎Dec 13 2020 01:38 AM

Re: Express route IPSEC termination

Microsoft describes this exact scenario in the documentation: "VPN tunnels over Microsoft peering can be terminated either using VPN gateway, or using an appropriate Network Virtual Appliance (NVA) available through Azure Marketplace" I have successfully used a Cisco NVA for terminating end-to-end VPN between on-premises and Azure VNETs, for a client. So the answer is, yes you can use third party NVA to establish end-to-end VPN over Express Route.

0 Likes
Reply