![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 80%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,622 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
Please go through the following points:
- Please review all address ranges involved and make sure that there are no overlaps.
- The subnet designated for the VPN Gateway must be named exactly GatewaySubnet. Case-sensitive, no spaces or variations.
- The GatewaySubnet should be at least /29 or larger
- The GatewaySubnet should be exclusively for the VPN gateway. It cannot contain any other resources like VM.
- Make sure that the client address pool is a valid private IP address range that doesn't overlap with anything.
- The pool must have enough addresses for your expected number of concurrent VPN users.
- Make sure that the pool address range falls within the address range of the VNet.
- If the root certificate isn't uploaded correctly or is in the wrong format, the validation will fail, so please re-upload your root certificate, ensuring it's in the correct format (Base-64 encoded X.509 .CER) and that you're uploading the public key, not the private key.
- If you're using an intermediate CA, make sure the entire certificate chain is correctly established.
- Make sure your VPN Gateway SKU matches your Point to Site requirements. Consider upgrading to VpnGw1 or higher if you need more features or capacity. Also note that basic SKU does not support IKEv2 and Radius authentication. For your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about#:~:text=The%20Basic%20SKU%20has%20limitations%20and%20does%20not%20support%20IKEv2%2C%20IPv6%2C%20or%20RADIUS%20authentication.%20For%20more%20information%2C%20see%20VPN%20Gateway%20settings.
- Please copy the Base-64 encoded certificate data excluding -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
Kindly let us know if the above helps or you need further assistance on this issue.
If you feel that your queries have been resolved, please accept the answer by clicking the "Upvote" and "Accept Answer" on the post.
Thanks,
Sai.