Below is the background of the existing and proposed setup of the Azure network.
<HK> ---S2S VPN---<VNET1> ---PEERINGS--- <VNET2>
<VNET1> is located in East Asia and <VNET2> is located in Southeast Asia.
There are workloads sitting on both <VNET1> and <VNET2>, accessed by users from HK.
There is a peering between <VNET1> and <VNET2> with gateway transit.
<HK> ---S2S VPN---<VNET1> ---PEERINGS--- <VNET2> ---S2S VPN--- <SG>
The goal of the proposed design is to allow users from SG to access the workloads on <VNET1> and <VNET2>. So, I'm trying to set up the S2S VPN between <SG> and <VNET2>. I got the error below when I tried to create a VPN gateway on <VNET2>. It seems to be because <VNET2> has peering set up and uses the remote network <VNET1> as a gateway.
Deployment to resource group 'SG-RG' failed.
"message": "Virtual network gateway can not be created since the virtual network /subscriptions/xxxxxx/resourceGroups/SG-RG/providers/Microsoft.Network/virtualNetworks/SG-VNET already uses remote gateways over peering /subscriptions/xxxxxx/resourceGroups/SG-RG/providers/Microsoft.Network/virtualNetworks/VNET2/virtualNetworkPeerings/VNET2_to_VNET1.",
Does the above proposed design work? Any recommendations?