![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 56.00000000000001%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,554 questions
Hello @Ben ,
I understand that you would like to create a site-to-site VPN configuration with a second tunnel going over the MPLS and ExpressRoute from DC1 to Azure via DC2.
Meaning the VPN connection should be DC1 <--S2S--> DC2 <--S2S--> Azure
DC1 <--S2S--> DC2 --> This configuration has to be done on your end, so cannot comment much on this setup.
DC2 <--S2S--> Azure --> Using the existing VPN gateway, you can connect DC2 site (via another local network gateway) with Azure using BGP.
NOTE: BGP should also be enabled for the existing Site-to-Site VPN from DC1 to Azure.
Once BGP is enabled, you can use AS path prepend to prefer direct path over the indirect path.
Azure VPN gateway honors AS Path prepending to help make routing decisions when BGP is enabled. A shorter AS Path is preferred in BGP path selection.
Kindly let us know if the above helps or you need further assistance on this issue.
Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.