This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 28.999999999999996%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hello,
We have a requirement where S2S VPN from Azure VPN Gateway to two on-prem sites is required. I know that active/active is possible, but the client has active/standby setup on their end meaning on-prem site A will act as active and site B will only become active should site A fail. The routing on their end is configured to take care of it. I want to know if this scenario is possible with Azure S2S VPN connections and if so any document explaining how we can deploy it.
Azure VPNGW (VNET e.g. 10.0.0.0/16) ---> On-Prem Site A (e.g. 11.1.1.1) -->Active (Local N/W 172.16.0.0/16)
Azure VPNGW (VNET e.g. 10.0.0.0/16) ---> On-Prem Site B (e.g. 12.2.2.2) -->Standby (Local N/W 172.16.0.0/16)
Any suggestions or inputs will be much appreciated.
Thanks
Shoeb
Hi,
Is your site A and site B belongs to same On-Premises ?
You can still deploy Active-Active Gateways and enable BGP. Then by using AS path you can prefer one path over the other. In that case if the primary BGP goes down, then the traffic is routed via secondary path
Hi,
No site A and site B belong to different locations.
Bgp AS path manipulation on on-prem is fine, Is it possible to manipulate BGP attributes on Azure VPN gateway so that site A tunnel can be primary and site B backup.
Any other possibilities to achieve this setup.
Thanks,
Shoeb
Having the same address space for two On-Prem with active-standby is not recommended setup. BGP attribute cannot be manipulated other than AS path prepending as of today