Compare VPN gateway options, pricing, and bandwidth across providers.
| Feature | AWS | Azure | GCP |
|---|---|---|---|
| Service Name | AWS Site-to-Site VPN | Azure VPN Gateway | Cloud VPN |
| Protocols | IPSec / IKEv1 / IKEv2 | IPSec / IKEv1 / IKEv2 | IPSec / IKEv1 / IKEv2 |
| Max Tunnels per Gateway | 10 VPN connections per VGW; 2 tunnels each (20 tunnels total) | 30 tunnels (Basic/VpnGw1); up to 100 (VpnGw4/5) | 8 tunnels per HA VPN gateway interface (16 total for HA pair) |
| Max Bandwidth per Tunnel | 1.25 Gbps per tunnel; up to 5 Gbps with ECMP over Transit Gateway | 1.25 Gbps (VpnGw1); up to 10 Gbps (VpnGw5) | 3 Gbps per tunnel; up to 24 Gbps aggregate with 8 tunnels |
| Feature | AWS | Azure | GCP |
|---|---|---|---|
| HA Option | Yes; dual-tunnel per connection with separate AZ endpoints | Yes; active-active mode with two gateway instances in an AZ | Yes; HA VPN with 99.99% SLA using two interfaces and four tunnels |
| BGP Support | Yes; dynamic routing with BGP ASN configuration per VGW | Yes; BGP supported on all SKUs except Basic | Yes; Cloud Router with BGP for dynamic route exchange |
| Custom Routing | Static routes or BGP propagation; route tables on VGW and TGW | Static routes, BGP, or policy-based routing; UDR integration | Cloud Router custom route advertisements; static or dynamic |
| Feature | AWS | Azure | GCP |
|---|---|---|---|
| Pricing Model | Per VPN connection-hour ($0.05/hr) + data transfer out | Per gateway-hour by SKU ($0.04-$1.25/hr); data transfer out | Per tunnel-hour ($0.075/hr classic, $0.05/hr HA) + data egress |
| Typical Monthly Cost | ~$36/mo per connection (2 tunnels) + ~$0.09/GB egress | ~$140/mo (VpnGw1) to ~$913/mo (VpnGw5) + ~$0.087/GB egress | ~$36/mo per HA tunnel + ~$0.085/GB egress; ~$55/mo Classic |
| Feature | AWS | Azure | GCP |
|---|---|---|---|
| Setup Complexity | Moderate; VGW + customer gateway + VPN connection config needed | Moderate; VNet gateway subnet + public IP + gateway + connection | Moderate; HA VPN gateway + Cloud Router + peer gateway + tunnels |
| Monitoring Integration | CloudWatch metrics (TunnelState, bytes in/out); VPN log groups | Azure Monitor metrics and diagnostics; connection health dashboard | Cloud Monitoring metrics; Cloud Logging for tunnel status and events |
| Certificate Auth | Yes; AWS Certificate Manager Private CA for IKEv2 authentication | Yes; certificate-based auth for point-to-site; PSK for site-to-site | Pre-shared key (PSK) only; no native certificate-based tunnel auth |
| Feature | AWS | Azure | GCP |
|---|---|---|---|
| Route-based vs Policy-based | Route-based (default); policy-based supported with limitations | Route-based (RouteBased SKU) or policy-based (PolicyBased SKU) | Route-based only; Classic VPN supported policy-based (deprecated) |
| Multi-site Support | Yes; multiple VPN connections per VGW or TGW; hub-spoke with TGW | Yes; multiple connections per gateway; Virtual WAN for hub-spoke | Yes; multiple tunnels and peer gateways per Cloud VPN gateway |
| Private Connectivity Alternative | AWS Direct Connect (dedicated 1/10/100 Gbps; hosted 50 Mbps-10 Gbps) | Azure ExpressRoute (50 Mbps-100 Gbps; Global Reach; private peering) | Cloud Interconnect (Dedicated 10/100 Gbps; Partner 50 Mbps-50 Gbps) |
{
"features": [
{
"feature": "Service Name",
"category": "Service Overview",
"aws": "AWS Site-to-Site VPN",
"azure": "Azure VPN Gateway",
"gcp": "Cloud VPN"
},
{
"feature": "Protocols",
"category": "Service Overview",
"aws": "IPSec / IKEv1 / IKEv2",
"azure": "IPSec / IKEv1 / IKEv2",
"gcp": "IPSec / IKEv1 / IKEv2"
},
{
"feature": "Max Tunnels per Gateway",
"category": "Service Overview",
"aws": "10 VPN connections per VGW; 2 tunnels each (20 tunnels total)",
"azure": "30 tunnels (Basic/VpnGw1); up to 100 (VpnGw4/5)",
"gcp": "8 tunnels per HA VPN gateway interface (16 total for HA pair)"
},
{
"feature": "Max Bandwidth per Tunnel",
"category": "Service Overview",
"aws": "1.25 Gbps per tunnel; up to 5 Gbps with ECMP over Transit Gateway",
"azure": "1.25 Gbps (VpnGw1); up to 10 Gbps (VpnGw5)",
"gcp": "3 Gbps per tunnel; up to 24 Gbps aggregate with 8 tunnels"
},
{
"feature": "HA Option",
"category": "High Availability",
"aws": "Yes; dual-tunnel per connection with separate AZ endpoints",
"azure": "Yes; active-active mode with two gateway instances in an AZ",
"gcp": "Yes; HA VPN with 99.99% SLA using two interfaces and four tunnels"
},
{
"feature": "BGP Support",
"category": "High Availability",
"aws": "Yes; dynamic routing with BGP ASN configuration per VGW",
"azure": "Yes; BGP supported on all SKUs except Basic",
"gcp": "Yes; Cloud Router with BGP for dynamic route exchange"
},
{
"feature": "Custom Routing",
"category": "High Availability",
"aws": "Static routes or BGP propagation; route tables on VGW and TGW",
"azure": "Static routes, BGP, or policy-based routing; UDR integration",
"gcp": "Cloud Router custom route advertisements; static or dynamic"
},
{
"feature": "Pricing Model",
"category": "Pricing",
"aws": "Per VPN connection-hour ($0.05/hr) + data transfer out",
"azure": "Per gateway-hour by SKU ($0.04-$1.25/hr); data transfer out",
"gcp": "Per tunnel-hour ($0.075/hr classic, $0.05/hr HA) + data egress"
},
{
"feature": "Typical Monthly Cost",
"category": "Pricing",
"aws": "~$36/mo per connection (2 tunnels) + ~$0.09/GB egress",
"azure": "~$140/mo (VpnGw1) to ~$913/mo (VpnGw5) + ~$0.087/GB egress",
"gcp": "~$36/mo per HA tunnel + ~$0.085/GB egress; ~$55/mo Classic"
},
{
"feature": "Setup Complexity",
"category": "Operations",
"aws": "Moderate; VGW + customer gateway + VPN connection config needed",
"azure": "Moderate; VNet gateway subnet + public IP + gateway + connection",
"gcp": "Moderate; HA VPN gateway + Cloud Router + peer gateway + tunnels"
},
{
"feature": "Monitoring Integration",
"category": "Operations",
"aws": "CloudWatch metrics (TunnelState, bytes in/out); VPN log groups",
"azure": "Azure Monitor metrics and diagnostics; connection health dashboard",
"gcp": "Cloud Monitoring metrics; Cloud Logging for tunnel status and events"
},
{
"feature": "Certificate Auth",
"category": "Operations",
"aws": "Yes; AWS Certificate Manager Private CA for IKEv2 authentication",
"azure": "Yes; certificate-based auth for point-to-site; PSK for site-to-site",
"gcp": "Pre-shared key (PSK) only; no native certificate-based tunnel auth"
},
{
"feature": "Route-based vs Policy-based",
"category": "Architecture",
"aws": "Route-based (default); policy-based supported with limitations",
"azure": "Route-based (RouteBased SKU) or policy-based (PolicyBased SKU)",
"gcp": "Route-based only; Classic VPN supported policy-based (deprecated)"
},
{
"feature": "Multi-site Support",
"category": "Architecture",
"aws": "Yes; multiple VPN connections per VGW or TGW; hub-spoke with TGW",
"azure": "Yes; multiple connections per gateway; Virtual WAN for hub-spoke",
"gcp": "Yes; multiple tunnels and peer gateways per Cloud VPN gateway"
},
{
"feature": "Private Connectivity Alternative",
"category": "Architecture",
"aws": "AWS Direct Connect (dedicated 1/10/100 Gbps; hosted 50 Mbps-10 Gbps)",
"azure": "Azure ExpressRoute (50 Mbps-100 Gbps; Global Reach; private peering)",
"gcp": "Cloud Interconnect (Dedicated 10/100 Gbps; Partner 50 Mbps-50 Gbps)"
}
]
}The Multi-Cloud VPN Compare tool compares VPN gateway options, pricing, bandwidth capabilities, and configuration across AWS (Site-to-Site VPN), Azure (VPN Gateway), and GCP (Cloud VPN). It covers IPsec tunnel setup, high availability configurations, throughput limits, and pricing for connecting cloud networks to on-premises or multi-cloud environments.
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.