Connect a virtual network to a Virtual WAN hub - portal

This article helps you connect your virtual network to your virtual hub using the Azure portal. You can also use PowerShell to complete this task. Repeat these steps for each VNet that you want to connect.

Before you create a connection, be aware of the following:

  • A virtual network can only be connected to one virtual hub at a time.
  • In order to connect it to a virtual hub, the remote virtual network can't have a gateway (ExpressRoute or VPN) or RouteServer.

Important

If VPN gateways are present in the virtual hub, this operation as well as any other write operation on the connected VNet can cause disconnection to Point-to-site clients as well as reconnection of site-to-site tunnels and BGP sessions.

Add a connection

  1. In the Azure portal, go to your Virtual WAN In the left pane, select Virtual network connections.

  2. On the Virtual network connections page, select + Add connection.

  3. On the Add connection page, configure the connection settings. For information about routing settings, see About routing.

    • Connection name: Name your connection.
    • Hubs: Select the hub you want to associate with this connection.
    • Subscription: Verify the subscription.
    • Resource group: Select the resource group that contains the virtual network to which you want to connect.
    • Virtual network: Select the virtual network you want to connect to this hub. The virtual network you select can't have an already existing virtual network gateway.
    • Propagate to none: This is set to No by default. Changing the switch to Yes makes the configuration options for Propagate to Route Tables and Propagate to labels unavailable for configuration.
    • Associate Route Table: From the dropdown, you can select a route table that you want to associate.
    • Propagate to labels: Labels are a logical group of route tables. For this setting, select from the dropdown.
    • Static routes: Configure static routes, if necessary. Configure static routes for Network Virtual Appliances (if applicable). Virtual WAN supports a single next hop IP for static route in a virtual network connection. For example, if you have a separate virtual appliance for ingress and egress traffic flows, it would be best to have the virtual appliances in separate VNets and attach the VNets to the virtual hub.
    • Bypass Next Hop IP for workloads within this VNet: This setting lets you deploy NVAs and other workloads into the same VNet without forcing all the traffic through the NVA. This setting can only be configured when you're configuring a new connection. If you want to use this setting for a connection you've already created, delete the connection, then add a new connection.
    • Propagate static route: This setting is currently being rolled out. This setting lets you propagate static routes defined in the Static routes section to route tables specified in Propagate to Route Tables. Additionally, routes will be propagated to route tables that have labels specified as Propagate to labels. These routes can be propagated inter-hub, except for the default route 0/0. This feature is in the process of rolling out. If you need this feature enabled please open a support case
  4. Once you've completed the settings you want to configure, click Create to create the connection.

Note

  • To delete a virtual network connected to the virtual hub, you must delete both the virtual network connection and virtual network resource.

Next steps

For more information about Virtual WAN, see the Virtual WAN FAQ.