Share via

Setting up two ISP links to one Azure VPN Gateway

Laihsb 0 Reputation points
2024-06-24T03:28:10.7666667+00:00

Hi all,

As the title says, I'm looking to setup two ISP links to my Azure VPN Gateway.

We have two ISP links coming into our office, one being our primary, and other being backup incase primary goes down. At the moment our primary ISP link is connected to our Azure VPN Gateway, so we can access Azure resources through that link, but our backup ISP link isn't configured, so, in the event our main line does go down, there's no connection.

How would I go about setting this up? Has anyone on here done something similar, if so, could you share your experience or some tips?

Thanks in advance.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,466 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 49,411 Reputation points Microsoft Employee
    2024-06-24T04:12:58.47+00:00

    Hello @Laihsb ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know how to setup S2S connections from Multiple ISPs on your on-premises to Azure VPN gateway in your Azure Vnet.

    You can use multiple VPN devices from your on-premises network to connect to your Azure VPN gateway with BGP as below:

    User's image

    BGP is required for this configuration. Each local network gateway representing a VPN device must have a unique BGP peer IP address specified in the "BgpPeerIpAddress" property.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices

    https://learn.microsoft.com/en-us/azure/vpn-gateway/add-remove-site-to-site-connections

    This is possible when there are 2 different VPN devices.

    You can talk to your on-premises VPN device vendor team and check if there is a way to use multiple interfaces to achieve this. So that you can configure 2 BGP IPs and use the 2 existing Public IPs (from the 2 ISPs) to setup 2 VPN tunnels to the Azure VPN gateway.

    If not, then I would suggest using active-active mode on the VPN gateway and configuring 2 tunnels using the 2 Azure BGP IPs.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/active-active-portal

    https://learn.microsoft.com/en-us/azure/vpn-gateway/bgp-howto#2-create-testvnet1-gateway-with-bgp

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#bgp

    NOTE: If you have BGP sessions running, be aware that the Azure VPN Gateway BGP configuration will change and two newly assigned BGP IPs will be provisioned within the Gateway Subnet address range. The old Azure VPN Gateway BGP IP address will no longer exist. This will incur downtime and updating the BGP peers on the on-premises devices will be required. Once the gateway is finished provisioning, the new BGP IPs can be obtained, and the on-premises device configuration will need to be updated accordingly. This applies to non APIPA BGP IPs.

    Regarding VPN gateway planned maintenance:

    • For Active/Passive VPN Gateways, the planned failover causes the downtime to be 10-15 seconds.
    • For Active/Active VPN gateways and HA connection context from the remote end as well (dual redundancy), the data path will never go down as long as the tunnel is always connected to at least one of the two instances.

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments