Multiple Site to Site VPNs

%3CLINGO-SUB%20id%3D%22lingo-sub-135037%22%20slang%3D%22en-US%22%3EMultiple%20Site%20to%20Site%20VPNs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-135037%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20currently%20have%20a%20S2S%20VPN%20configured%20between%20our%20HQ%20and%20Azure.%20All%20sites%20that%20connect%20to%20our%20Azure%20tennancy%20route%20through%20HQ%20and%20to%20Azure%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20looking%20to%20extend%20this%20to%20an%20additional%20site%20so%20there%20is%20a%20level%20of%20redundancy%20in%20place%20incase%20the%20HQ%20link%20goes%20down.%20So%20have%20identified%20where%20we%20can%20add%20an%20additional%20S2S%20VPN.%20The%20HQ%20will%20be%20the%20prefered%20route.%26nbsp%3B%20The%20question%20that%20I'm%20having%20problems%20with%20is%20with%20routing%20the%20returning%20traffic%20through%20the%20correct%20link.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20HQ%20goes%20down%2C%20how%20can%20we%20configure%20the%20vNet%20to%20select%20the%20other%20S2S%20VPN%20in%20its%20place%3F%20I%20cannot%20see%20a%20way%20of%20routing%20based%20on%20priority%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20note%3A%20we%20are%20not%20looking%20to%20use%20any%203rd%20party%20Router%2FFirewall%20appliance%20if%20we%20can%20help%20it%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-135037%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENetworking%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-135302%22%20slang%3D%22en-US%22%3ERE%3A%20Multiple%20Site%20to%20Site%20VPNs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-135302%22%20slang%3D%22en-US%22%3EI've%20acutally%20found%20that%20the%20answer%20to%20this%20is%20to%20use%20BGP.%3C%2FLINGO-BODY%3E
New Contributor

We currently have a S2S VPN configured between our HQ and Azure. All sites that connect to our Azure tennancy route through HQ and to Azure

 

We are looking to extend this to an additional site so there is a level of redundancy in place incase the HQ link goes down. So have identified where we can add an additional S2S VPN. The HQ will be the prefered route.  The question that I'm having problems with is with routing the returning traffic through the correct link.

If HQ goes down, how can we configure the vNet to select the other S2S VPN in its place? I cannot see a way of routing based on priority?

 

To note: we are not looking to use any 3rd party Router/Firewall appliance if we can help it

1 Reply
I've acutally found that the answer to this is to use BGP.