azure vpn policy based peered network

Mark Duncan 21 Reputation points
2021-03-09T16:26:09.443+00:00

I currently have a virtual network with a policy-based VPN and a local gateway.

I want to connect a new local gateway for a different location. Since the existing VPN is policy based, I can't add another connection to it.

I created a new VPN that is route based and a new virtual network that I peered with the existing virtual network. I've also created a local gateway for the new VPN.

I added a virtual machine to the new virtual network and can connect from that virtual machine to the virtual machines on the existing network.

To allow connections directly from the new local gateway through the new VPN to the existing network's virtual machines, it appears from reading that I would need to enable Use Remote Gateway and Allow Forwarded Traffic.

Doing this seems to mean that the existing virtual network would no longer be able to be connected to its existing VPN. Is that the case?

Is it best to dump the existing policy-based VPN and go with a route-based VPN, connect both local gateways to this one VPN, and forget about the new virtual network and peering?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
SaiKishor-MSFT 17,336 Reputation points
2021-03-12T07:29:51.367+00:00

@Mark Duncan
Thanks for reaching out to us on Microsoft Q&A.

Answering your questions/concerns:

• Since the existing VPN is policy based, I can't add another connection to it.

You can have multiple policy-based VPN connections going to a single VNet, as given here in the document.

However, if you need to implement a route-based VPN for the new location, then it is best to delete the old gateway and re-create a new one as a route-based gateway.

• Doing this seems to mean that the existing virtual network would no longer be able to be connected to its existing VPN. Is that the case?

Yes, a virtual network can have only one gateway.

Hope this answers your questions. Please let me know if you have any further questions/concerns and we will be glad to assist further. Thank you!

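The thread turns on three facts that are easy to verify before deleting anything: which VNet actually owns a gateway (only one gateway per VNet), whether that gateway is policy based or route based, and how the peering flags on each side are set. The Az PowerShell script below audits all three. It is an added example, not code from the question or the answer; the resource group and VNet names are placeholders, it assumes the Az module is installed and Connect-AzAccount has already run, and the requirement that the hub side set AllowGatewayTransit (not mentioned in the thread) is an Azure peering rule the script reports on alongside UseRemoteGateways and AllowForwardedTraffic.

```powershell
# Added example: audit gateway ownership, gateway type and peering transit flags.
# Assumes the Az module is installed and Connect-AzAccount has already run.
# All resource names are placeholders; replace them with your own.
param(
    [string]$ResourceGroup = 'rg-network',      # placeholder resource group
    [string]$HubVnetName   = 'vnet-existing',   # VNet that owns the VPN gateway
    [string]$SpokeVnetName = 'vnet-new'         # peered VNet that should stay gateway-less
)

function Test-GatewayTransit {
    param([string]$ResourceGroup, [string]$HubVnetName, [string]$SpokeVnetName)

    # 1. Which VNets contain a GatewaySubnet? A VNet that owns a gateway cannot
    #    also set UseRemoteGateways on a peering, so the spoke must have none.
    foreach ($name in @($HubVnetName, $SpokeVnetName)) {
        $vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $name
        $hasGwSubnet = [bool]($vnet.Subnets | Where-Object Name -eq 'GatewaySubnet')
        "{0}: GatewaySubnet present = {1}" -f $name, $hasGwSubnet
    }

    # 2. Gateway type (PolicyBased vs RouteBased) and the site-to-site
    #    connections already attached to each gateway.
    Get-AzVirtualNetworkGateway -ResourceGroupName $ResourceGroup | ForEach-Object {
        "{0}: GatewayType={1} VpnType={2}" -f $_.Name, $_.GatewayType, $_.VpnType
    }
    Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $ResourceGroup |
        Select-Object Name, ConnectionType, ConnectionStatus,
            @{ n = 'Gateway';      e = { ($_.VirtualNetworkGateway1.Id -split '/')[-1] } },
            @{ n = 'LocalGateway'; e = { ($_.LocalNetworkGateway2.Id  -split '/')[-1] } } |
        Format-Table -AutoSize

    # 3. Peering flags on both sides. For on-premises traffic to reach the spoke
    #    through the hub's gateway: hub side needs AllowGatewayTransit, spoke side
    #    needs UseRemoteGateways, and AllowForwardedTraffic must be on so traffic
    #    that did not originate in the peer VNet is accepted across the peering.
    foreach ($name in @($HubVnetName, $SpokeVnetName)) {
        Get-AzVirtualNetworkPeering -ResourceGroupName $ResourceGroup -VirtualNetworkName $name |
            Select-Object @{ n = 'Vnet'; e = { $name } }, Name, PeeringState,
                AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways |
            Format-Table -AutoSize
    }
}

Test-GatewayTransit -ResourceGroup $ResourceGroup -HubVnetName $HubVnetName -SpokeVnetName $SpokeVnetName
```

Read the output top to bottom: if both VNets show a GatewaySubnet, the spoke cannot use the hub's gateway through peering no matter how the flags are set, which is the constraint the accepted answer describes. The script only reads configuration; changing flags is done with Set-AzVirtualNetworkPeering once you have decided on the topology.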
