Forum Discussion
Virtual Network Gateway
Hi There,
I wanted to setup a Express route gateway and VPN on my Virtual Network gateway. I have Hub and Spoke model, where I create one subnet "GatewaySubnet" on hub vnet, Can I able to create two Virtual gateway one for Express route and another for S2S VPN for 3rd Party partners / Supporting vendors / B2B and so on. Any reference link much appreciated.
As far I understand, generally Virtual Network gateway would be use either one for On-prem connectivity or VPN as fall back. But in this scenario
Express Route for ---> On-prem Connectivity
VPN for ---> 3rd party S2S VPN.
4 Replies
- This page explains how to configure an ExpressRoute and S2S VPN alongside each other. Does that help?
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-managerThanks for your response.
Basically we wanted to achieve as shown in below:
With out forcing the traffic to PAFW I can successfully establish the tunnel. Spoke to Spoke communication also working as expected. But I wanted force the traffic PA first then pass on to VPNGW in order to establish the tunnel. Similarly from outbound after VPN lands on VPNGW it should be pass thru PAFW.
Have you implemented any User-defined routes here? I would suggest that your spoke subnets might need a default route where the next hop is the Virtual Appliance address of the firewall. The firewall in turn would then have a next hop of the VPN connection:
Some details on User Defined Routes here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
