With custom IPsec/IKE policy, you can now set the exact cryptographic algorithms and key strengths on each S2S or VNet-to-VNet connection to satisfy your enterprise compliance and security requirements.
Azure VPN gateways utilize a default set of IPsec/IKE cryptographic algorithms that maximize interoperability with a wide range of 3rd party VPN devices.
Running mission-critical workloads require both performance and reliability.
We have re-written much of our documentation and will be providing more deployment blueprints, guidance, and best practices.
The new VPN gateways allow multiple sites using policy-based VPNs to connect to the same VPN gateway.
As we introduce the new VPN gateways, called Vpn Gw1, Vpn Gw2, and Vpn Gw3, we are also updating our deployment guidance.
With multiple tunnels Vpn Gw3 has shown 1.25 Gbps throughput in our tests.
Please note that the actual performance in production is highly dependent on the application behavior, the quality of your ISP, and the actual distance (network path) from your physical VPN device to the Azure region with your Azure VNet.