Site to site VPNs in Azure

Shawn Gaston 1 Reputation point
2020-06-09T10:22:40.347+00:00

Hello, I'm still new to the Azure concept, so here's what we have.
We have a directory called shazoom (just using this as an example; it's not what our directory is really called).

We have one resource group called magic.
Under this group we have all our networking set up for the S2S VPN that connects to our facility. (We have some web stuff that connects to the SQL DB from Azure to on-prem.)

So now I'm being asked to create another S2S connection to our data center, where we house production stuff for now.

Do I have to create a whole new GW subnet and set up another S2S VPN under the new one to connect to the data center? Taking it these are policy-based VPNs. If I need to create a new VNET, will that break the current setup for the websites talking to our on-prem if we add that to the new VNET?

Thanks, and sorry for asking what may be such dumb questions to some people.

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
    2020-06-16T05:16:50.09+00:00

    The big issue you are hitting is that Policy Based VPNs can only have 1 connection. Your best bet for this setup is to change your existing gateway to a Route-Based Gateway and use 'PolicyBasedTrafficSelectors' to connect to multiple policy-based VPNs. You will likely have to re-establish your existing S2S VPN when you make this change.

    A Virtual Network can only have one VPN Gateway, so you will not be able to make a new Gateway unless you also make a new Virtual Network. It might be possible to make a new Virtual Network for your new S2S connection, and then connect those 2 VNETs via peering, but your best bet is to use the method described in the doc above.
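The approach in the answer above, sketched with the Az PowerShell module as an added example that is not part of the original thread. It assumes a route-based gateway and one local network gateway per site already exist; every name, the region and the pre-shared keys are hypothetical placeholders except the resource group `magic` from the question, and the IPsec/IKE values are samples that must match what each on-premises device is configured for.

```powershell
# Added example. Only the resource group name comes from the question;
# all other names, the region and the keys are hypothetical placeholders.
$rg       = 'magic'
$gwName   = 'vnet-gw-routebased'   # hypothetical route-based gateway
$location = 'eastus'               # hypothetical region

# One entry per on-premises policy-based VPN device.
$sites = @(
    @{ Connection = 'to-facility';   Lng = 'lng-facility';   Psk = '<facility-pre-shared-key>' },
    @{ Connection = 'to-datacenter'; Lng = 'lng-datacenter'; Psk = '<datacenter-pre-shared-key>' }
)

# Policy-based traffic selectors require a custom IPsec/IKE policy on the
# connection. Sample values; align them with each on-premises device.
$policy = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup24 `
    -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup None `
    -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000

# Stop early if the gateway is still policy-based: it accepts only one connection.
$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg
if ($gw.VpnType -ne 'RouteBased') {
    throw "Gateway '$gwName' is $($gw.VpnType); a RouteBased gateway is required."
}

foreach ($s in $sites) {
    $lng = Get-AzLocalNetworkGateway -Name $s.Lng -ResourceGroupName $rg

    New-AzVirtualNetworkGatewayConnection -Name $s.Connection -ResourceGroupName $rg `
        -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng -Location $location `
        -ConnectionType IPsec -IpsecPolicies $policy `
        -UsePolicyBasedTrafficSelectors $true -SharedKey $s.Psk | Out-Null

    # Read the connection back and confirm the setting took effect.
    $c = Get-AzVirtualNetworkGatewayConnection -Name $s.Connection -ResourceGroupName $rg
    if (-not $c.UsePolicyBasedTrafficSelectors) {
        Write-Warning "$($s.Connection): policy-based traffic selectors are not enabled."
    }
    [pscustomobject]@{
        Connection     = $c.Name
        PolicySelector = $c.UsePolicyBasedTrafficSelectors
        Status         = $c.ConnectionStatus
    }
}
```

Supply the pre-shared keys from a secret store at run time rather than saving them in the script.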