Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
We understand that you already have a VPN gateway and now you are planning to configure an ExpressRoute circuit as the primary link with the VPN gateway as secondary.
To configure coexisting connections for an already existing virtual network:
- If you have a virtual network with only one virtual network gateway (for example, a Site-to-Site VPN gateway) and you want to add an ExpressRoute gateway, check the gateway subnet size.
- If the gateway subnet is /27 or larger, you can create an ExpressRoute circuit with your required resiliency type and follow this documentation to Connect a virtual network to ExpressRoute circuits using the Azure portal.
- The virtual networks that you connect to your Azure ExpressRoute circuit can either be in the same subscription or part of another subscription.
- If the gateway subnet is /28 or /29, you must first delete the virtual network gateway and increase the gateway subnet size.
  - Delete the existing ExpressRoute or Site-to-Site VPN gateway.
  - Delete and recreate the GatewaySubnet with a prefix of /27 or shorter.
  - Configure a virtual network with a Site-to-Site connection and then configure the ExpressRoute gateway.
  - Once the ExpressRoute gateway is deployed, you can link the virtual network to the ExpressRoute circuit.
Note: Deleting and recreating your gateway will result in downtime for your cross-premises connections. However, your VMs and services can still communicate out through the load balancer during this process if they're configured to do so.
- You can add a Point-to-Site configuration to your coexisting set by following the instructions in Configuring Point-to-Site VPN connection using Azure certificate authentication.
Limits and Limitations:
- Only route-based VPN gateway is supported: Use a route-based VPN gateway. You can also use a route-based VPN gateway with a VPN connection configured for 'policy-based traffic selectors' as described in Connect to multiple policy-based VPN devices.
- ExpressRoute-VPN Gateway coexist configurations are not supported on the Basic SKU.
- BGP Communication: Both the ExpressRoute and VPN gateways must communicate via BGP. Ensure that any UDR on the gateway subnet doesn't include a route for the gateway subnet range itself, as doing so interferes with the BGP traffic.
- Transit Routing: For transit routing between ExpressRoute and VPN, the ASN of Azure VPN Gateway must be set to 65515. Azure VPN Gateway supports the BGP routing protocol. To work together, keep the ASN of your Azure VPN gateway at its default value, 65515. If you change the ASN to 65515, reset the VPN gateway for the setting to take effect.
- Gateway Subnet Size: The gateway subnet must be /27 or a shorter prefix (such as /26 or /25), or you receive an error message when adding the ExpressRoute virtual network gateway.
- If you want to configure a Site-to-Site VPN as a failover path for ExpressRoute, please go through this documentation for reference.
- To achieve the highest resiliency and availability, configure a zone-redundant Azure ExpressRoute virtual network gateway.
For reference:
1. Configuring for high availability
2. About zone-redundant virtual network gateway in Azure availability zones
I hope this has been helpful!
Your feedback is important so please take a moment to Accept answers.
If you still have questions, please let us know what is needed in the comments so the question can be answered.
Thank you for helping to improve Microsoft Q&A!
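As an added example, not part of the answer above: a small POSIX shell script that encodes the two pre-checks the answer lists before an ExpressRoute gateway is added next to an existing VPN gateway (GatewaySubnet prefix /27 or shorter, VPN gateway BGP ASN left at 65515) and, optionally, reads the live values with Azure CLI. The resource group, VNet and gateway names, and the sample CIDRs and ASNs, are placeholders I made up; the `az` calls only run when `RUN_LIVE=1` is set, so the script runs offline by default.

```shell
# Added example (not from the Q&A answer): pre-flight checks for ExpressRoute + VPN
# gateway coexistence. Names and sample values below are assumptions.

# The GatewaySubnet must be /27 or a shorter prefix (/26, /25, ...).
# Returns 0 when OK, 1 when too small (/28, /29), 2 when the input is not a CIDR.
gateway_subnet_ok() {
  prefix_len="${1##*/}"
  [ "$1" != "$prefix_len" ] || return 2        # no '/' in the input
  case "$prefix_len" in
    ''|*[!0-9]*) return 2 ;;                   # prefix length is not a number
  esac
  [ "$prefix_len" -le 27 ]
}

# Transit routing between ExpressRoute and VPN needs the VPN gateway ASN at 65515.
vpn_asn_ok() {
  [ "${1:-}" = "65515" ]
}

# Decide what is needed for a given GatewaySubnet prefix and VPN gateway ASN.
# Prints: ready | resize-subnet | fix-asn | resize-subnet+fix-asn | invalid
plan() {
  cidr="$1"; asn="$2"; action=""; rc=0
  gateway_subnet_ok "$cidr" || rc=$?
  [ "$rc" -eq 2 ] && { echo invalid; return 0; }
  [ "$rc" -eq 1 ] && action="resize-subnet"    # delete gateway, recreate subnet
  if ! vpn_asn_ok "$asn"; then
    action="${action:+$action+}fix-asn"        # set ASN to 65515, reset the VPN gateway
  fi
  echo "${action:-ready}"
}

# Read the live values with Azure CLI (requires 'az login'). Resource names are
# assumptions; this is only invoked when RUN_LIVE=1.
check_live() {
  rg="$1"; vnet="$2"; vpngw="$3"
  cidr=$(az network vnet subnet show -g "$rg" --vnet-name "$vnet" -n GatewaySubnet \
           --query addressPrefix -o tsv)
  asn=$(az network vnet-gateway show -g "$rg" -n "$vpngw" \
           --query bgpSettings.asn -o tsv)
  echo "GatewaySubnet=$cidr vpn_asn=$asn plan=$(plan "$cidr" "$asn")"
}

if [ "${RUN_LIVE:-0}" = "1" ]; then
  check_live "${RG:-my-rg}" "${VNET:-my-vnet}" "${VPNGW:-my-vpn-gw}"
else
  # Constructed sample values, evaluated offline.
  plan 10.0.255.0/27 65515   # ready
  plan 10.0.255.0/28 65515   # resize-subnet
  plan 10.0.255.0/27 65001   # fix-asn
fi
```

When the plan prints `ready`, the next step from the answer is to deploy the ExpressRoute gateway into the same GatewaySubnet, for example with `az network vnet-gateway create -g my-rg -n my-er-gw --vnet my-vnet --gateway-type ExpressRoute --sku ErGw1AZ --public-ip-address my-er-gw-pip` (an AZ SKU for the zone-redundant gateway the answer recommends; the names are placeholders), and then link the VNet to the circuit. When it prints `resize-subnet`, expect the cross-premises downtime the answer warns about, since the existing gateway has to be deleted before the subnet can be recreated.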