I understand your concern about whether an Azure Site-to-Site (S2S) VPN automatically creates an Access Control List (ACL) in the Gateway Subnet.
Azure does not create an Access Control List (ACL) in the GatewaySubnet when you create an S2S VPN connection. Instead, Azure creates a default security rule that allows all traffic from the on-premises network to the GatewaySubnet. This rule is created when you create a VPN Gateway and cannot be modified or deleted.
I see there is a spot to allow an NSG on the GatewaySubnet, but it is not recommended for it, and others have commented that it will break communications for the VPN and Azure.
Yes, you're correct.
If you have any further queries, do let us know.
Thanks,
Rohith
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
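A small audit check that follows from the thread above (the GatewaySubnet should not carry an NSG): this is added example code, not from Microsoft or from either poster. It assumes the JSON shape returned by `az network vnet subnet list` and uses constructed sample data so it runs offline.

```python
"""Flag a GatewaySubnet that has a Network Security Group attached.

Input is the JSON array shape produced by `az network vnet subnet list
--vnet-name <name> -g <rg>`; the samples below are constructed inline.
"""
import json

# Constructed sample: GatewaySubnet carries an NSG (the configuration the
# thread advises against), one workload subnet has one, one has none.
SAMPLE_SUBNETS_JSON = """
[
  {"name": "GatewaySubnet", "addressPrefix": "10.0.255.0/27",
   "networkSecurityGroup": {"id": "/subscriptions/SUB-ID/resourceGroups/rg/providers/Microsoft.Network/networkSecurityGroups/gw-nsg"}},
  {"name": "workload", "addressPrefix": "10.0.1.0/24",
   "networkSecurityGroup": {"id": "/subscriptions/SUB-ID/resourceGroups/rg/providers/Microsoft.Network/networkSecurityGroups/wl-nsg"}},
  {"name": "mgmt", "addressPrefix": "10.0.2.0/24", "networkSecurityGroup": null}
]
"""

# Constructed sample of the expected state: GatewaySubnet with no NSG.
CLEAN_SUBNETS_JSON = """
[
  {"name": "GatewaySubnet", "addressPrefix": "10.0.255.0/27", "networkSecurityGroup": null},
  {"name": "workload", "addressPrefix": "10.0.1.0/24",
   "networkSecurityGroup": {"id": "/subscriptions/SUB-ID/resourceGroups/rg/providers/Microsoft.Network/networkSecurityGroups/wl-nsg"}}
]
"""


def find_gateway_subnet_nsg(subnets):
    """Return the NSG id on GatewaySubnet, '' if it has none, None if absent."""
    for subnet in subnets:
        if subnet.get("name") == "GatewaySubnet":
            nsg = subnet.get("networkSecurityGroup") or {}
            return nsg.get("id", "")
    return None


def audit(subnets_json):
    """Classify the VNet's GatewaySubnet state from the CLI JSON output."""
    nsg_id = find_gateway_subnet_nsg(json.loads(subnets_json))
    if nsg_id is None:
        return "no GatewaySubnet found: this VNet cannot host a VPN gateway"
    if nsg_id:
        nsg_name = nsg_id.rsplit("/", 1)[-1]
        return f"WARNING: GatewaySubnet has NSG {nsg_name} attached; remove it"
    return "OK: GatewaySubnet has no NSG attached"


if __name__ == "__main__":
    print(audit(SAMPLE_SUBNETS_JSON))
    print(audit(CLEAN_SUBNETS_JSON))
```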