Configuring Static Routes for Multiple On-premises VPN Tunnels

SJ 0 Reputation points
2025-05-12T16:15:50.9933333+00:00

I am trying to add multiple VPN tunnels to an existing VNet GW with SKU VpnGw1AZ. The existing default route is below:

source :Virtual Network Gateway : Address: 10.0.0.0/12 : Next Hop Type : Virtual Network Gateway: Next Hop IP : (public IP of S2S).

The IP address 10.16.0.0/12 is configured in the Local Network Gateway of S2S VPN1.

I want to create more Local Network Gateways (S2S VPN2 .. S2S VPN5) to other on-prem sites, but the address range of every other on-prem site falls into the same range (10.0.0.0/12), e.g. 10.10.0.0/24.

What will be the next hop type and IP when creating a UDR? Also, do I need to change the addresses associated with the Local Network Gateway of the first tunnel?

source :Virtual Network Gateway : Address: 10.30.0.0/45 : Next Hop Type : ? : Next Hop IP : ?

Below is something I found in the Azure documentation, and this is what I am trying to implement. The only difference is that I have one working on-prem tunnel with summarized routes of all the on-prem networks.

User's image

  1. Configure Route Tables (UDRs):
  • You can use User-Defined Routes (UDRs) in route tables to specify how traffic should be routed between your Azure virtual network and the on-premises networks. 
  • Create route tables and add routes that define the destination network (on-premises network) and the next hop, which should be the corresponding Azure VPN gateway. 
  • You can either propagate routes learned from your on-premises VPN devices automatically or manually add routes to your route tables. 
  • Ensure you're not creating conflicting routes, as this can lead to connection issues.
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. Praveen Bandaru 5,210 Reputation points Microsoft External Staff Moderator
    2025-05-12T20:05:16.8866667+00:00

    Hello SJ

    What will be the next hop type and IP when creating a UDR? Also, do I need to change the addresses associated with the Local Network Gateway of the first tunnel?

    Yes, you are correct. You need to change the address associated with the Local Network Gateway of the first tunnel.

    Since no on-premises address should overlap, and there is no routing weight concept in the VPN tunnel, the on-premises IPs listed in the LNG must be unique.

    Due to the more specific routes created in the new LNG, they are given first preference from the Azure side. Please ensure that the on-premises traffic enters the same tunnel to avoid connectivity issues.

    source :Virtual Network Gateway : Address: 10.30.0.0/45 : Next Hop Type : ? : Next Hop IP : ?

    If you don't have any firewalls or NVAs, there is no need to use UDRs because Azure will automatically learn the routes from on-premises and re-advertise them to the same gateway.

    In the diagram you shared, you can see that the on-premises ranges are different, and there is no overlap between the three networks.


    Hope the above answer helps! Please let us know if you have any further queries.

    Please do consider "up-voting" wherever the information provided helps you; this can be beneficial to other community members.

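The overlap discussed in this thread can be checked before any Local Network Gateway is created. The following is an added example, not code from the question, the answer or Azure documentation: it flags overlapping LNG prefixes, shows which LNG is the most specific match for a destination, and computes one possible non-overlapping replacement list for the summarized prefix. The LNG names, the 10.12.4.0/24 site and the mapping of prefixes to tunnels are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: LNG name -> address prefixes. 10.0.0.0/12 and
# 10.10.0.0/24 appear in the question; 10.12.4.0/24 and the mapping of
# prefixes to VPN2/VPN3 are assumptions made for this example.
LNGS = {
    "S2S-VPN1": ["10.0.0.0/12"],
    "S2S-VPN2": ["10.10.0.0/24"],
    "S2S-VPN3": ["10.12.4.0/24"],
}

def find_overlaps(lngs):
    """Return (lng_a, prefix_a, lng_b, prefix_b) for each overlap between two LNGs."""
    nets = {n: [ipaddress.ip_network(p) for p in ps] for n, ps in lngs.items()}
    hits = []
    for (a, pa), (b, pb) in combinations(nets.items(), 2):
        hits += [(a, str(x), b, str(y)) for x in pa for y in pb if x.overlaps(y)]
    return hits

def most_specific(dest, lngs):
    """Name of the LNG holding the longest prefix that contains dest, or None."""
    ip = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name) for name, ps in lngs.items()
               for net in map(ipaddress.ip_network, ps) if ip in net]
    return max(matches)[1] if matches else None

def carve_out(summary, specifics):
    """Prefixes covering `summary` with every network in `specifics` removed."""
    remaining = [ipaddress.ip_network(summary)]
    for s in map(ipaddress.ip_network, specifics):
        kept = []
        for r in remaining:
            if s.subnet_of(r):
                kept.extend(r.address_exclude(s))  # split r around s
            elif not r.subnet_of(s):               # r lies outside s: keep it
                kept.append(r)
        remaining = kept
    return [str(n) for n in sorted(remaining)]

if __name__ == "__main__":
    for hit in find_overlaps(LNGS):
        print("overlap:", hit)
    print("10.10.0.5 ->", most_specific("10.10.0.5", LNGS))
    others = LNGS["S2S-VPN2"] + LNGS["S2S-VPN3"]
    print("VPN1 without overlap:", carve_out("10.0.0.0/12", others))
```

Rerunning `find_overlaps` with the carved-out list in place of the /12 summary confirms that no two LNGs claim the same addresses.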