A VPN connection securely connects two Azure virtual networks, or a virtual network and your local network using Internet Protocol security (IPsec). It can also be used to connect a virtual network to an ExpressRoute circuit. Traffic between the two networks is encrypted by one gateway and decrypted by the other, to protect data when transmitted via the Internet.
A connection consists of different components depending on the connection type. When configuring a connection between two virtual networks, also known as a VNet-to-VNet connection, each network contains a virtual network gateway. The two virtual networks can be in different regions and subscriptions, and different deployment models. For example, use a VNet-to-VNet connection to connect a Classic virtual network to one deployed using Resource Manager.
When configuring a connection between a virtual network and your local network, also known as a site-to-site connection, the virtual network contains a virtual network gateway for the Azure side of the VPN connection, and a local network gateway represents the hardware or software VPN device on your side. The connection wizard creates the right resources depending on the connection type.
Microsoft Azure provides a 99.9% uptime SLA for virtual network gateways.