move IPSEC connection to ExpressRoute

Question

Good morning

currently I have a group of server's with 4 IPSEC connection
I have purchased an ExpressRoute connection and I want to move 1 IPSEC connection to ExpressRoute and the rest leave them as they are.

How could I make this change without affecting all other IPSEC connections?

Thank you very much for your help

Greetings

Roberto Jiménez

Answer 1

@Administrador Dominio RJIMENEZ Thank you for reaching out to Microsoft Q&A.

I understand that you have 4 IPSEC connections currently and you want to move one connection to ER without effecting anything else.

When you move a connection to ER, you would create a new ER circuit, peering and ER gateway and then route the traffic over the same and then delete the S2S VPN connection after that. This process should not effect the other exisiting connections as long as there are no conflicting routes with the exisitng S2S VPNs routes as ER is always the preferred routing method and it will be preferred unless there is a more specific route for the S2S VPNs.

From Azure documentation: We noted that when a given on-premises route is advertised via both ExpressRoute and S2S VPN, Azure would prefer the ExpressRoute path. To force Azure prefer S2S VPN path over the coexisting ExpressRoute, you need to advertise more specific routes (longer prefix with bigger subnet mask) via the VPN connection.

Therefore, please make sure that there are more specific routes always for the S2S VPNs so that they are the preferred routing method for the respective traffic. Hope this helps. If you have any further questions/concerns, please do let us know. Thank you!

Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.