Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know the best practices for Disaster Recovery in case of a Site-to-Site connection.
For Platform Failure,
- As you mentioned, we can have an Active Active configuration
- Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks
- This can create up to 4 tunnels and you will still have 2 tunnels if an instance goes down.
For Zone wise disaster,
- We have to use Zone redundant VPN Gateways
- Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/about-zone-redundant-vnet-gateways
For Region wide disaster:
- You must note that if a region fails, so do the VM(s) and VNET(s) in that region
- You must use Azure Site Recovery
- The idea here is to have a VNET and VPN Gateway in the recovery region readily configured.
- Just do not connect the Gateway to your on-premises servers.
- Refer: https://learn.microsoft.com/en-us/azure/site-recovery/site-recovery-retain-ip-azure-vm-failover#hybrid-resources-full-failover
- Before Failover:
- Then you should migrate your VMs to the recovery VNET first - this is taken care of by ASR
- Set up disaster recovery to a secondary Azure region for an Azure VM: https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-quickstart
- Then create and enable the connections in the VPN Gateway
- After Failover:
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
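The region-wide sequence in the answer above (standby gateway left unconnected, ASR failover, then connection creation), as an added Az PowerShell example that is not part of the original answer. All resource names, and the use of Key Vault to hold the pre-shared key, are assumptions.

```powershell
# Added example. Every name below is a placeholder (assumption), not from the answer.
$rg       = 'rg-dr-recovery'         # resource group in the recovery region
$gwName   = 'vgw-recovery'           # pre-provisioned recovery VPN gateway
$lngName  = 'lng-onprem'             # local network gateway for the on-premises VPN device
$connName = 'cn-recovery-to-onprem'  # connection created only after failover
$vault    = 'kv-dr'                  # Key Vault holding the pre-shared key
$secret   = 'vpn-psk'

$gw  = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg -ErrorAction Stop
$lng = Get-AzLocalNetworkGateway   -Name $lngName -ResourceGroupName $rg -ErrorAction Stop

# The standby gateway must be fully provisioned before it can take a connection.
if ($gw.ProvisioningState -ne 'Succeeded') {
    throw "Gateway $gwName is in state '$($gw.ProvisioningState)'."
}

# Standby check: before failover this gateway should carry no connections.
$existing = @(Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg |
    Where-Object { $_.VirtualNetworkGateway1.Id -eq $gw.Id })
if ($existing.Count -gt 0) {
    Write-Warning "Gateway already has connections: $($existing.Name -join ', ')"
    return
}

# Run from here only after ASR has failed the VMs over to the recovery VNet.
# The key is read from Key Vault so it never appears in the script or its history.
$psk = Get-AzKeyVaultSecret -VaultName $vault -Name $secret -AsPlainText
New-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg `
    -Location $gw.Location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $psk | Out-Null

# Report the tunnel state once the connection exists.
(Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg).ConnectionStatus
```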