Joe Freeman

Azure supports two types of VPN connections.  Site-to-site bridges your internal network to an Azure VLAN effectively creating a single large routable network.  Point-to-site joins a single machine to an Azure VLAN effectively putting that machine behind the Azure firewall. You can get a high level overview of this from  previous b log.  I also walked through how to create a point-to-site in a previous blog . I wanted to join my home office network to Azure so that I had  back side  access to all of my IaaS machines.  These machines are all installed on a VLAN (10.0.2.x) with ACLs blocking external port access. My home office runs with a single public IP with a Netgear FVS318N VPN capable firewall behind my cable modem. I do not have a complicated nested network.  The office is a 192.168.1.x network in a NAT configuration behind the Netgear. Some Microsoft documents recommend a Windows RRAS server with multiple LAN cards in it. One LAN card connects to the CableModem/DSL adapter an

Azure is primarily aimed at public facing services and web sites. You can see this in the way some Cloud Service features are only available at Azure's public edge.  Azure provides the ability to interact  machines remotely through the public ports and services. Sometimes you don't want everything  exposed to the internet so you can get access to it. A VPN can be used in those cases provide secure no public machine-to-network or network-to-network connectivity Standard Access Applications and services are deployed in the Azure environment as a kind of virtual data center.  Individual machines and programs communicate with each other using the internal Azure network.  Azure virtual machines can also communicate from Azure to other sites on the internet. Machines external to Azure normally communicate with Azure machines through their publicly defined service interface points. Most services run on standard ports for Azure-to-Azure  communications. They can be made public