In this blog post I will dive into the differences between a traditional Azure Point-to-Site VPN and the newer, more modern approach of a reverse proxy, specifically Azure AD Application Proxy.
Why Point-to-Site VPN is not ideal
Most Point-to-Site (P2S) VPN solutions are hard to manage and operate. So far I have seen only a handful of companies that can sustain the operational effort, and they do so at the price of an expensive solution and highly trained administrators.
End users are often unhappy with P2S solutions as well, because there is little visibility into which applications or intranet services can be reached through the VPN and which cannot. Users also complain about connection drops that force them to reconnect, and about new versions of the VPN client that have to be rolled out to their end devices, whether tablets, phones or laptops.
By its nature a VPN gives the client network-level access to the application, so the network has to be prepared for it: routing, possibly VLAN tagging, inbound connections through firewalls, ACLs and so on. This is usually very time-consuming to configure, and in historically grown flat networks it is not very secure either, since a connected client can typically reach far more than the single application it actually needs.