Azure VPN or Express Route: Is Traffic Encrypted?

Time to time, during our Microsoft Cloud projects, we get pretty much the same question: “Do Azure VPN or ExpressRoute provide traffic encryption?” So, here is an explanation :)…

Azure VPN tunnels, for Site-to-Site connectivity, are by design (and yes, it’s by default) encrypted using IPSEC. Encryption is also provided for Point-to-Site using  Secure Socket Tunneling Protocol (SSTP).

ExpressRoute is an Azure service that lets us create private connections between Microsoft datacenters and infrastructure that’s on our premises or in a colocation facility. ExpressRoute connections do not go over the public Internet! Express Route does not provide network traffic encryption for its circuits!

If you need encryption you would need to implement this which could be done a number of ways:

  • Application level encryption
  • OS level encryption using technologies such as IPSec
  • Third-party appliance that performs encryption

VPN Gateway FAQ: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-vpn-faq

Written by Misha Hanin

Trusted Business & Technology Advisor, Solutions Managing Director & Senior Solutions Architect at iRangers International Inc. with more than 25 years of experience in the field of information technology, infrastructure analysis and design, implementing innovative and leading technologies for International companies around the globe in public and private sectors.

Over the years I was able to develop very strong technical and engineering skills which helped me to earn trusted advisor status with our clients. As one of the nearly 500 trained Microsoft Certified Masters (MCM) in The World (during 10 years existence of MCM program, just about 500 people in The World participated in this very intensive training), I have a winning track record in building and bringing projects to operational and measurable success.

I am honored to have been awarded Microsoft Most Valuable Professional (MVP). This award is given to "exceptional, independent community leaders who share their passion, technical expertise, and real-world knowledge of Microsoft products with others."