@Elias Shuiti Yasuda Thank you for reaching out to Microsoft Q&A. I understand that you are having issues with setting up Azure S2S VPN in active-active mode with one VPN over ER and another one over a Public IP.
Active-Active VPN Gateways have 2 VPN Gateways provided by Azure where both instances of the gateway VMs will establish S2S VPN tunnels to your on-premises VPN device. The setup you are looking for, i.e., one VPN over the ER connection and the other one over a Public IP, is an active-standby connection where, if the VPN over ER goes down, it can then traverse the VPN over the Internet. For this setup, you do not need to enable active-active mode.
To achieve this setup, since you already have the VPN over ExpressRoute connection established, go ahead and set up the VPN over Public IP (as mentioned earlier, do not enable active-active mode). Once both the VPNs are up, advertise the same routes using BGP on both the VPNs. Azure will always prefer the VPN over ExpressRoute first to route traffic to on-premises. To avoid asymmetric routing, please make sure the traffic from on-premises to Azure also prefers the S2S VPN over ER. If the VPN over ER is down, then traffic will automatically traverse the S2S VPN over the Internet and will go back to the ER VPN once it is back up. Hope this helps.
Please let us know if you have any further questions and we will be glad to assist you further. Thank you!