Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I shall summarize our discussion and post it as an answer.
Kindly Accept the answer, as this can be beneficial to other community members and close this thread.
- You have VPN Gateway in Active-Passive mode.
- And two VPN Devices/Tunnels that originate from the OnPrem
- And these tunnels are built over the ExR Private Peering making use of VPN Gw Private IPs
- It appears that there is a traffic loss when both the VPN Tunnels are connected simultaneously.
Azure always honors BGP path prepend and as such, should only prefer one tunnel which has a shorter path.
To isolate the issue,
Please go for a packet capture at both Azure VPN Gateway and OnPrem device and isolate where the traffic is being sent to the secondary tunnel.
- Start a continuous tcpping or icmp ping from OnPrem to Azure
- Then start the capture.
- Check if the packets are being sent via the primary tunnel or secondary tunnel - This should confirm if the OnPrem is honoring the primary tunnel or secondary tunnel.
- Similarly, you can check from Azure side as well.
You wanted to know what address range needs to be set in the LNG Address space.
- Local Network Gateways on both the VPN connections need to have same address prefixes which represent on-prem networks
- It's better to leave the address prefixes empty when using BGP
- The BGP will automatically advertise the routes between the tunnels
- Configure BGP for VPN Gateway
Thanks,
Kapil
Please Accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer.