Forum Discussion
ExpressRoute Coexistence P2S
Hi
We have an IPVPN ExpressRoute connection back to our MPLS.
We also have a central Internet breakout from our MPLS. It's quite small, only 300mb. We don't want to increase the bandwidth on that circuit, and at the moment it is getting a little overused by workers connecting to on-premise and Azure services via the client VPN they have.
We want to look at the possibility of bringing up a P2S VPN in Azure that can also utilise the ExpressRoute for connectivity back down to the MPLS.
We also have multiple VNGs set up that are linked to other Azure subs and a spare VNG that has a larger GatewaySubnet than the others (/27).
Has anyone successfully brought up another VNG in the same GatewaySubnet as an ExpressRoute VNG to allow P2S connections back either into the Azure environment or using the ExpressRoute back into an on-premise LAN (via the MPLS)?
If you have, get in touch because I'd like to know how you managed it.
I have looked at Virtual WAN, but that would entail bringing down the current ER, which is a no-no at the moment.
Thanks
1 Reply
You may consider the following workarounds:
1. Deploy a Separate VNG for P2S
- Create a new VNG in the same VNet (or peered VNet) with P2S enabled
- Use VNet peering to allow traffic between the P2S-connected clients and the ExpressRoute-connected resources
- Ensure gateway transit is enabled in peering settings
2. Use Route Tables to Direct Traffic
- Configure User Defined Routes (UDRs) to send traffic from P2S clients to on-prem via ExpressRoute
- Make sure BGP routes from ExpressRoute are propagated correctly
3. Avoid Virtual WAN for Now
- You're right — moving to Virtual WAN would require reprovisioning ExpressRoute, which is disruptive
- Stick with classic VNG + peering + UDRs for now