Forum Discussion
snikhil22 (Copper Contributor)
Oct 25, 2022
Multiple on-premises VPN devices
Hi All,
I have a requirement to build a VPN tunnel from Azure to on-premises. On-premises, we have 2 VPN gateways as Primary and Secondary.
I believe we will have to create 2 VPN tunnels to on-premises.
But I am confused about how to route the traffic to Primary and then to Secondary (if Primary fails) without using BGP.
Please help.
1 Reply
How about this:
- Create Two VPN Connections
  - In Azure, create two VPN connections from your Virtual Network Gateway:
    - One to the Primary on-prem VPN device
    - One to the Secondary on-prem VPN device
- Configure Static Routes
  - Use Local Network Gateways in Azure to define the IP prefixes for your on-prem network.
  - Assign static routes to each connection:
    - Primary connection: assign the route with lower metric (higher priority)
    - Secondary connection: assign the same route with higher metric
  - This way, Azure will prefer the primary tunnel unless it goes down.
- Enable Dead Peer Detection (DPD)
  - Ensure DPD is enabled on both sides so Azure can detect when the primary tunnel is down and switch to the secondary.
- Monitor and Alert
  - Use Azure Network Watcher or Log Analytics to monitor tunnel health.
  - Set up alerts to notify you if the primary tunnel fails.
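
The monitoring and alerting step from the reply above, as an added example that is not part of the original thread: it replays tunnel connect/disconnect events for the two on-prem devices and raises one alert per state change (failed over, standby lost, outage). The IP addresses, field names, event names and sample events are constructed assumptions, not an Azure log schema.

```python
from datetime import datetime

PRIMARY_IP = "203.0.113.10"    # assumed primary on-prem VPN device (documentation range)
SECONDARY_IP = "203.0.113.20"  # assumed secondary on-prem VPN device

# Constructed tunnel events; field and event names are illustrative assumptions.
SAMPLE_EVENTS = [
    {"time": "2022-10-25T08:00:00", "remote_ip": PRIMARY_IP, "event": "connected"},
    {"time": "2022-10-25T08:00:05", "remote_ip": SECONDARY_IP, "event": "connected"},
    {"time": "2022-10-25T09:30:00", "remote_ip": PRIMARY_IP, "event": "disconnected"},
    {"time": "2022-10-25T09:30:40", "remote_ip": PRIMARY_IP, "event": "disconnected"},  # duplicate
    {"time": "2022-10-25T09:45:00", "remote_ip": SECONDARY_IP, "event": "disconnected"},
    {"time": "2022-10-25T09:50:00", "remote_ip": "198.51.100.7", "event": "connected"},  # unrelated peer
    {"time": "2022-10-25T10:05:00", "remote_ip": PRIMARY_IP, "event": "connected"},
]

# (primary_up, secondary_up) -> (state, severity)
STATES = {
    (True, True): ("healthy", "info"),
    (True, False): ("standby-lost", "warning"),   # primary carries traffic, no backup
    (False, True): ("failed-over", "warning"),    # traffic is on the secondary tunnel
    (False, False): ("outage", "critical"),       # no tunnel to on-prem
}


def evaluate(events):
    """Replay events in time order; return one (time, severity, state) alert per state change."""
    up = {PRIMARY_IP: False, SECONDARY_IP: False}
    state, alerts = "outage", []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        if ev["remote_ip"] not in up:
            continue  # not one of the two monitored devices
        up[ev["remote_ip"]] = ev["event"] == "connected"
        new_state, severity = STATES[(up[PRIMARY_IP], up[SECONDARY_IP])]
        if new_state != state:  # repeated events that change nothing raise no alert
            alerts.append((ev["time"], severity, new_state))
            state = new_state
    return alerts


if __name__ == "__main__":
    for when, severity, state in evaluate(SAMPLE_EVENTS):
        print(f"{when} [{severity}] {state}")
```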