![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 33%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPH%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,461 questions
Hello @Anonymous ,
I understand that you needed help setting up a S2S VPN with active-passive redundancy using 1 VPN Gateway and 2 Local Gateways and wanted to know if there are any instructions or documentation available for same.
You can setup a S2S VPN with active-passive redundancy using 1 VPN Gateway and 2 Local Gateways.
But there are 2 types of setups in this active-passive configuration:
- Both VPN devices in the same on-premises location:
- The 2 VPN devices are in different on-premises locations:
If the VPN devices are in different sites, then this type of setup is generally known as multi-site configuration and can be seen in the below doc:
So, depending upon where your VPN devices are, the prerequisites for the setup may differ.
If both the VPN devices are in the same site, then BGP is required for this configuration.
If both the VPN devices are in different sites, then refer the below doc for the prerequisites.
https://learn.microsoft.com/en-us/azure/vpn-gateway/add-remove-site-to-site-connections#before
In case you want automatic failover between 2 VPN tunnels configured with 1 Azure VPN gateway & 2 on-premises VPN devices in the same site, then using BGP will allow the two connections to the same on-premises network to be UP at the same time and will support automatic and flexible prefix updates.
https://learn.microsoft.com/en-us/azure/vpn-gateway/bgp-howto
In case you want to use static routes, you need to set up a connection with LNG (local network gateway) pointing to VPN device 1 having the on-premises address range. Then create another connection with 2nd LNG having the Public IP of the VPN device 2 and the on-premises address range in there as well.
You confirmed that the issue is now resolved.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.