![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 57.99999999999999%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,423 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you have a Hub Virtual Network connected to OnPrem via ExpressRoute and multiple Spoke VNETs with overlapping address ranges that need to connect to OnPREM via the Hub.
With your current set up,
- You can consider using Site-to-Site or VNET-to-VNET connection between your Spoke VNETS and Hub VNET with NAT and BGP Enabled
- Enabling NAT is to solve the problem of overlapping address ranges
- Enabling BGP is to have transit routing to OnPrem via the VPN Gateway
-
- Here, TestVNet1 is the Hub and you can see, TestVNet2 (Spoke) can connect to the OnPrem site
- More configuration info on How to configure BGP for Azure VPN Gateway
-
NOTE:
- This means, you have to deploy VPN Gateways in all the Spoke VNETs
- And also, you must consider the maximum number of connections the Hub Gateway SKU can support
- See : Gateway SKUs comparison
- My suggestion would be to use VNET Peering whenever possible and only create S2S/VNET-to-VNET when there is an existing VNET Peering with overlapping address range so that you don't hit the maximum connection limits.
Additionally, you can use vWAN in scenarios where you need more than 100 S2S VPN tunnels
Cheers,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.