Route table of 2 tunnels between Azure and On Prem VPN

Lê Vũ Thùy Dương 36 Reputation points
2021-10-08T01:55:53.963+00:00

I want to create 2 tunnels between Azure and my On Prem VPN (VPN Gateway 1 <=> On Prem VPN 1, VPN Gateway 2 <=> On Prem VPN 2).
I need to use a failover static route for these 2 tunnels, so how should I route on Azure for it to be done?

Thanks,
Duong Le


Accepted answer
    GitaraniSharma-MSFT 47,676 Reputation points Microsoft Employee
    2021-10-08T12:36:33.957+00:00

    Hello @Lê Vũ Thùy Dương,

    Thank you for the update.

    Case 1:
    In case you want automatic failover between 2 VPN tunnels configured with 1 Azure VPN gateway & 2 on-premises VPN devices, then using BGP will allow the two connections to the same on-premises network to be UP at the same time and will support automatic and flexible prefix updates.
    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices

    In case you want to use static routes, you need to set up a connection with an LNG (local network gateway) pointing to VPN device 1, having the on-premises address range. Then create another connection with a 2nd LNG that has the public IP of VPN device 2 and the on-premises address range as well.

    What you will see is that since both connections have the same local range (which can cause an overlap), only the first one will come up while the second one will show as disconnected, but the moment the first connection goes down the second one will come up. So on the Azure side, it will be taken care of automatically as long as you have the VPN gateway with 2 connections to the same on-premises site via 2 different local network gateways configured with 2 different VPN devices.

    Case 2:
    I'm not sure why you would want to set up case 2, where you have 2 VPN gateways in Azure with 2 on-premises VPN devices, but this setup will not work if you have a single Vnet in Azure to access your resources, as each virtual network can have only one VPN gateway.
    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

    If you want to deploy the VPN gateway to a different Vnet and peer that Vnet with your other existing Vnets, then this setup is possible, but then again it will be 2 different tunnels unless you create cross connections between the 2 VPN gateways & 2 VPN devices, which will consist of a total of 4 tunnels as below:

    VPN gateway 1 ---> On-premises VPN 1
    VPN gateway 1 ---> On-premises VPN 2
    VPN gateway 2 ---> On-premises VPN 1
    VPN gateway 2 ---> On-premises VPN 2

    And the configuration & failover mechanism will be similar to what I explained above in the case 1 static routes scenario.

    But with BGP, this setup will simplify to 1 VPN gateway with active-active configuration & 2 on-premises VPN devices, as explained in the article below:
    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
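As an added example of the case 1 static-route setup described in the answer above (this is not code from the answer, the asker, or Microsoft): Azure PowerShell that creates two local network gateways carrying the same on-premises prefix, one IPsec connection from each to an existing route-based VPN gateway, and then lists the connection status so you can confirm that only one of the two reports Connected at a time. The resource group, location, gateway name, on-premises prefix, device names and the TEST-NET device IPs are all assumed values.

```powershell
# Assumed values (constructed for this example); replace with your own.
$rg           = "rg-vpn-example"
$location     = "eastus"
$gwName       = "vpngw-hub"          # existing VPN gateway in the hub VNet (assumption)
$onPremPrefix = "10.10.0.0/16"       # the same range on both LNGs, as in the answer

# Pre-shared key is prompted for rather than stored in the script.
$sharedKey = Read-Host -Prompt "IPsec pre-shared key (must match both on-premises devices)"

$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg

# One local network gateway per on-premises VPN device. Both advertise the
# identical prefix, which is what makes Azure keep only one connection up.
$devices = @(
    @{ Name = "lng-onprem-1"; Ip = "203.0.113.10" },   # constructed TEST-NET-3 address
    @{ Name = "lng-onprem-2"; Ip = "203.0.113.20" }    # constructed TEST-NET-3 address
)

$i = 1
foreach ($d in $devices) {
    $lng = New-AzLocalNetworkGateway -Name $d.Name -ResourceGroupName $rg `
        -Location $location -GatewayIpAddress $d.Ip -AddressPrefix $onPremPrefix

    # Static routing: no -EnableBgp, so failover relies on the overlap behaviour
    # the answer describes (second connection comes up only when the first drops).
    New-AzVirtualNetworkGatewayConnection -Name "conn-onprem-$i" -ResourceGroupName $rg `
        -Location $location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
        -ConnectionType IPsec -SharedKey $sharedKey | Out-Null
    $i++
}

# Check: with static routes, expect exactly one Connected and one NotConnected.
Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg |
    Where-Object { $_.Name -like "conn-onprem-*" } |
    Select-Object Name, ConnectionStatus
```

Re-run the final status query after taking device 1 offline on the on-premises side to watch conn-onprem-2 move to Connected.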
