VPN connection on AWS side shows 0 BGP learned routes from Azure VPN gateway

Miroslav_ngena 21 Reputation points

We've deployed an AWS to Azure redundant VPN connection according to the article (https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-aws-bgp) using an active-active VPN gateway. All tunnels are coming up as described in the article.
There are two site-to-site connections on the AWS side. Each of these connections shows 0 BGP routes via "Tunnel2". Both Tunnel1 tunnels are learning routes correctly on AWS.

After checking the advertised routes (Azure VPN Gateway - BGP Peers), we noticed that routes sent towards peers are using the next-hop of a different peer (for example, routes advertised to a peer have a next-hop which belongs to a different peer in a different /30 subnet). Normally I would expect these routes to have the next-hop of the sending interface (next-hop self), which is not the case here.

When we tried disabling both Tunnel1 connections, connectivity was broken.

Is there any way to correct or workaround this behaviour?
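The next-hop check the question describes, as an added example that is not part of the original post or of Azure's tooling: it assumes the route JSON shape (localAddress, network, nextHop, sourcePeer) that `az network vnet-gateway list-advertised-routes --peer <aws-peer-ip>` returns, and all peer addresses below are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample output (assumed GatewayRoute shape returned by
# `az network vnet-gateway list-advertised-routes --peer <aws-peer-ip>`),
# keyed by the AWS-side BGP peer the routes were advertised to.
# Addresses are made-up APIPA values, not the article's or the asker's.
SAMPLE_ADVERTISED = {
    # Tunnel1: Azure speaks from 169.254.21.2 and announces itself as next hop
    "169.254.21.1": [
        {"network": "10.1.0.0/16", "localAddress": "169.254.21.2",
         "nextHop": "169.254.21.2", "sourcePeer": "169.254.21.2",
         "origin": "Network", "asPath": "65515", "weight": 0},
    ],
    # Tunnel2: Azure speaks from 169.254.22.2 but hands AWS the Tunnel1 next hop
    "169.254.22.1": [
        {"network": "10.1.0.0/16", "localAddress": "169.254.22.2",
         "nextHop": "169.254.21.2", "sourcePeer": "169.254.22.2",
         "origin": "Network", "asPath": "65515", "weight": 0},
    ],
}

def link_subnet(address, prefixlen=30):
    """The /30 tunnel link that a BGP address sits in."""
    return ipaddress.ip_network(f"{address}/{prefixlen}", strict=False)

def find_foreign_next_hops(advertised_by_peer):
    """Return {peer: [finding, ...]} for each advertised route whose next hop
    is not the sending (local) BGP address, i.e. not next-hop-self.
    Each finding also records whether the next hop is at least inside the
    peering's own /30; a next hop in another /30 is the pattern the question describes."""
    findings = defaultdict(list)
    for peer, routes in advertised_by_peer.items():
        for route in routes:
            local, nxt = route["localAddress"], route["nextHop"]
            if nxt == local:
                continue  # next-hop-self, as expected
            findings[peer].append({
                "network": route["network"],
                "localAddress": local,
                "nextHop": nxt,
                "nextHopInLink": ipaddress.ip_address(nxt) in link_subnet(local),
            })
    return dict(findings)

if __name__ == "__main__":
    for peer, issues in find_foreign_next_hops(SAMPLE_ADVERTISED).items():
        for f in issues:
            print(f"peer {peer}: {f['network']} next hop {f['nextHop']} "
                  f"!= local {f['localAddress']} (in link /30: {f['nextHopInLink']})")
```

Feed it the JSON from one CLI call per AWS peer; any peer that appears in the result is receiving routes it cannot resolve over its own tunnel.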


Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
SaiKishor-MSFT 17,211 Reputation points

@Miroslav_ngena Thank you for reaching out to Microsoft Q&A. I understand that you are having issues with an S2S VPN connection between Azure and AWS where, for the 2 redundant connections, Tunnel 2 shows 0 BGP routes.

This seems like a configuration issue to me where the BGP peer addresses may not have been configured correctly. Can you please re-check the same, especially this part: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-aws-bgp#-create-connections

If possible, please share the details of your configuration either in a file or as snapshots so I can verify further. Thank you!

0 additional answers
