Step 1: Create a VPN Gateway in Microsoft Azure

The Azure S2S IPsec tunnel is sourced from the VPN Gateway. If you have already deployed a VPN Gateway in your Azure environment, skip ahead to step 2.

  1. In the Azure admin portal, navigate to your resource group and click Create.
  2. Search the marketplace for Virtual network, then click Create.
  3. Configure the virtual network.
    • Basics: Select the Subscription and Resource group that contain the resources you want to make available via the S2S VPN tunnel.

    • IP addresses: Configure a virtual network address with the IPv4 addresses and subnets you need. This example uses the range 10.255.0.0/16.

    • Review the configuration and click Create. Azure will deploy the virtual network and update the dashboard when deployment is complete.

  4. Create the gateway subnet.
    1. Navigate to Go to resource > Settings > Subnets.
    2. Click + Subnet and configure the following:
      1. Subnet purpose: Virtual Network Gateway
      2. Enable Include an IPv4 address space (it is enabled by default)
      3. IPv4 address range will default to the address space you configured when you created the virtual network. This example uses the range 10.255.0.0/16.
      4. Starting address: This example uses 10.255.255.0.
      5. Size: This example uses /27 (32 addresses)
      6. Click Add.
  5. Create the virtual network gateway.
    1. Navigate to Overview > Resource group (click the name of your resource group) > + Create.
    2. Search the marketplace for Virtual network gateway, then click Create.
  6. Configure the virtual network gateway:
    1. SKU: VpnGw2AZ. For more information, see About gateway SKUs.
    2. Generation: Generation2
    3. Virtual network: Select the virtual network you created in the previous step.
    4. Public IP address: Create new.
      1. Public IP address name: Enter a descriptive name for the primary IP address.
      2. Enable active-active mode: Enabled.
    5. SECOND PUBLIC IP ADDRESS: Create new.
      1. Public IP address name: Enter a descriptive name for the second IP address.
      2. Configure BGP: Disabled.
    • Review the configuration, then click Create. Azure will deploy the virtual network gateway and update the dashboard with the two public IP address resources when deployment is complete.

    • To review your configuration after deployment is complete, navigate to Settings > Properties.
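
The same deployment can be scripted with the Azure CLI so the settings are reviewable and repeatable. The script below is an added example, not part of the original procedure; the resource group and resource names are placeholder assumptions, while the address ranges, SKU, generation and active-active mode are the values used in this step.

```shell
#!/bin/sh
# Added example (not from the original page): Azure CLI equivalent of Step 1.
# RG, VNET, GW, PIP1 and PIP2 are placeholder names (assumptions). Address
# ranges, SKU, generation and active-active mode are the values used above.
set -eu

RG="${RG:-example-rg}"
VNET="${VNET:-example-vnet}"
GW="${GW:-example-vpngw}"
PIP1="${PIP1:-example-vpngw-pip1}"
PIP2="${PIP2:-example-vpngw-pip2}"

# Dry run by default: print each command. APPLY=1 executes it instead.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

deploy() {
  # Virtual network with the example address space.
  run az network vnet create --resource-group "$RG" --name "$VNET" \
    --address-prefixes 10.255.0.0/16

  # Azure requires the gateway subnet to be named GatewaySubnet.
  run az network vnet subnet create --resource-group "$RG" \
    --vnet-name "$VNET" --name GatewaySubnet \
    --address-prefixes 10.255.255.0/27

  # One public IP per gateway instance (AZ gateway SKUs need Standard SKU IPs).
  for pip in "$PIP1" "$PIP2"; do
    run az network public-ip create --resource-group "$RG" --name "$pip" \
      --sku Standard --allocation-method Static
  done

  # Passing two public IPs makes the gateway active-active. BGP is left at
  # its default (disabled) because no BGP options are supplied.
  run az network vnet-gateway create --resource-group "$RG" --name "$GW" \
    --vnet "$VNET" --gateway-type Vpn --sku VpnGw2AZ \
    --vpn-gateway-generation Generation2 \
    --public-ip-addresses "$PIP1" "$PIP2"
}

deploy
```

Run it once as-is to review the printed commands, then rerun with `APPLY=1` in a shell that is already signed in with `az login`.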