vWAN Site to Site VPN

prasantc 836 Reputation points
2024-05-09T02:44:17.7233333+00:00

I am trying to connect one test tenant and subscription to another test tenant using site-to-site VPN and WAN with secured on the primary subscription and the tenant.

I am following this article to create a VPN gateway separately with a custom ASN and then create a site on vWAN and connect to the hub. But after creating the site I only see "create new VPN gateway" on the secured hub site-to-site VPN tab (blade).

There is no filter to disable and it does not have any option. There is one button to create a new VPN gateway. I am not creating active-active. I am only trying to create one active connection from the project tenant to my VS subscription (tenantB).

Unfortunately, creating directly from vWAN does not give any option for a custom ASN and configuration to match the shared key VPN site on the second subscription/tenant. So far I have been able to connect the two using a site-to-site VPN shared key connection without using vWAN, but my goal is to test with vWAN and the routing intent behaviour.

  1. Connect sites to the virtual hub

https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal#connectsites



Accepted answer
  1. KapilAnanth-MSFT 36,396 Reputation points Microsoft Employee
    2024-05-09T10:37:30.92+00:00

    @prasantc ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I see you have 2 test tenants.

    Let's say vWAN is deployed in the Tenant1 and Tenant2 has VNET Gateway deployed to a VNET.

    I am not sure what you mean by "VPN gateway separately with custom ASN and the create site on vwan and connect to hub".

    • I am afraid this configuration is not feasible.
    • You cannot use a VNET Gateway (deployed outside of vWAN) with a VPNSite (in a vWAN).
    • If you deploy a VNET Gateway outside vWAN, you must use LNG with this.
    • To use a VPNSite (in a vWAN), you must deploy a VPNGateway within the vWAN only.
    • And this will be deployed as Active-Active and with a fixed ASN (65515) - users cannot change this behavior.
    • Once you create a VPNGateway and connect the VPNSite to a virtual hub (VPNGateway), I see an option to see PSK.

    See:

    Cheers,

    Kapil.

    1 person found this answer helpful.
