VPN type VNG BGP session to ARS or NVA without IPsec tunnel

stephane clavel 21 Reputation points
2022-03-01T19:02:38.937+00:00

Hello

I'm looking for how to configure VPN type VNG BGP session to ARS or NVA (without IPsec tunnel) in same VNET. Like last figure in https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support I fail to find documentation or blog post.

I'm not looking for BGP settings between VPN type VNG and let's say on prem IPsec device.

Can anyone please help ?

thanks

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,401 questions
0 comments No comments
{count} votes

Accepted answer
  1. SaiKishor-MSFT 17,211 Reputation points
    2022-03-05T01:15:48.087+00:00

    @stephane clavel Thank you for your patience while I was researching into this. Upon further investigation, you cannot have Peering between a NVA and VPN/ER Gateways directly within a Vnet.

    The only way to have a peering connection between an NVA and Azure VPN/ER gateways is via an Azure Route Server. Here are the steps you need to setup for peering between NVA-ARS and Azure VPN/ER gateway:

    1. Setup Peering between your NVA and ARS by following the steps given here - https://learn.microsoft.com/en-us/azure/route-server/quickstart-configure-route-server-portal
    2. Setup peering between ARS and Azure VPN/ER gateway by following steps here- https://learn.microsoft.com/en-us/azure/route-server/quickstart-configure-route-server-powershell#configure-route-exchange

    Hope this answers your questions. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. SaiKishor-MSFT 17,211 Reputation points
    2022-03-01T22:30:53.61+00:00

    @stephane clavel I understand that you are looking for steps to configure Peering between ARS and NVA or VPN/ER GWs. Please correct me otherwise.

    1. Here are steps on setting up peering between the ARS and Quagga NVA specifically- https://learn.microsoft.com/en-us/azure/route-server/tutorial-configure-route-server-with-quagga
    2. Here is how to setup peering between ARS and any NVA- https://learn.microsoft.com/en-us/azure/route-server/quickstart-configure-route-server-powershell#create-bgp-peering-with-an-nva
    3. Here are steps for peering between ARS and VPN/ER Gateways- https://learn.microsoft.com/en-us/azure/route-server/quickstart-configure-route-server-powershell#configure-route-exchange

    If you face any issues, please go through the Troubleshoot guide for ARS here - https://learn.microsoft.com/en-us/azure/route-server/troubleshoot-route-server

    Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.

    0 comments No comments

  2. stephane clavel 21 Reputation points
    2022-03-02T07:50:25.287+00:00

    @SaiKishor-MSFT thanks for your answer.

    I had gone through these links beforehand and I failed to find what I'm looking for in them.

    I'm looking for instructions on how to configure VNG to set-up BGP peering with any other device in the same VNET, being ARS or NVA.

    When you want to set-up BGP in a VPN VNG with a remote device through IPsec tunnel, one has to enable BGP on the VNG, set AS number and BGP IP address(es) then through local gateway would enter remote device BGP settings. I'm looking on similar instructions, but for a device in same VNET, without building IPsec tunnel.

    thanks


  3. stephane clavel 21 Reputation points
    2022-03-07T08:10:13.417+00:00

    Thanks @SaiKishor-MSFT for your answer !

    0 comments No comments