Share via

Azure VPN Site to Site

Handian Sudianto 5,361 Reputation points
2024-11-21T02:05:41.04+00:00

Hello,

I have topology like below picture, where i have 2 onprem location.

Onprem-1 subnet is 10.7.0.0/16, Onprem-2 subnet is 10.38.0.0/16 and Azure subnet is 10.200.0.0/16

Each Onprem have 2 internet connection to connecting to Azure, with 2 internet connection we expect to get redundancy in case there are failure in internet connection.

Also there are WAN connection across the onprem, with this connection we also expect we have redundancy example both internet connection is down.

If i summarized :

  • Traffic to Azure for each site will use both internet connection (and also this will make redundancy if one of internet connection is down).
  • If both internet connection on the site down, traffic to Azure will be routed to WAN and go to other site and use their internet connections.

With this condition i need some recommendation how i can fulfill my requirements.

User's image

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,566 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Patapati 1,745 Reputation points Microsoft Vendor
    2024-11-21T17:56:31.99+00:00

    Hi Handian Sudianto

    We appreciate your patience!

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    To achieve the redundancy and failover requirements you've outlined for your two on-premises locations connecting to Azure, you can consider the following recommendations:

    • Dual-redundancy active-active mode design

    The most reliable design option is to combine the active-active gateways on both your network and Azure, as shown in the following diagram:

    Diagram shows a Dual Redundancy scenario.

    In this configuration, you create and set up the Azure VPN gateway in active-active mode. You create two local network gateways and two connections for your two on-premises VPN devices. The result is a full mesh connectivity of four IPsec tunnels between your Azure virtual network and your on-premises network.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/about-active-active-gateways

    • Design highly available gateway connectivity for cross-premises and VNet-to-VNet connections

    In this article

    1. About VPN gateway redundancy
    2. Highly Available cross-premises
    3. Highly Available VNet-to-VNet

    By implementing active-active VPN connections, using dynamic routing protocols, and ensuring redundancy in your WAN connections, you can achieve the desired redundancy and failover capabilities for your Azure connectivity.

    NOTE: Routing between their WAN will be handled by On-Prem, from VPN part these should be the answer.

    Hope this clarifies!

    If above is unclear and/or you are unsure about something add a comment below.

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    Regards,

    Ganesh

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.