Share via

How to upgrade VPN Gateway from Basic tier to VpnGw1AZ without deleting existing connections?

Abhilash Subramanian 1 Reputation point
2025-03-04T08:55:12+00:00

Problem:

I am currently using a Basic tier VPN Gateway in Azure. I need to upgrade it to VpnGw1AZ with a Standard Public IP. However, there is no direct upgrade option, and I cannot delete the existing VPN Gateway because it has several active connections to different sites. Deleting the gateway would result in service disruption, and I need to find a way to upgrade to the new tier without affecting these connections.

Request:

I need guidance on how to upgrade my VPN Gateway from Basic to VpnGw1AZ while keeping the existing connections intact. Please advise if there is any way to perform this upgrade without deleting and re-creating the gateway, or if Azure support can assist in facilitating this upgrade.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,675 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Bandaru 700 Reputation points Microsoft External Staff
    2025-03-04T10:06:53.37+00:00

    Hello Abhilash Subramanian

    Greetings!

    I understand that you want to upgrade your Basic VPN gateway to VpnGw1AZ with a Standard Public IP.

    Unfortunately, it cannot be done without deleting the VPN gateway.

    According to the Microsoft documentation on changing the VPN Gateway SKU, upgrading or downgrading the VPN Gateway SKU (e.g., from Basic to VpnGw1AZ) requires deleting the current gateway and creating a new one. This process temporarily removes VPN connections, and while they can be re-established after the upgrade, they must be manually reconfigured.

    Please try to schedule non-business hours to minimize downtime and avoid impacting your production.

    The following steps illustrate the workflow to change a SKU.

    1. Remove any connections to the virtual network gateway.
    2. Delete the old VPN gateway.
    3. Create the new VPN gateway.
    4. Update your on-premises VPN devices with the new VPN gateway IP address (for site-to-site connections).
    5. Update the gateway IP address value for any VNet-to-VNet local network gateways that connect to this gateway.
    6. Download new client VPN configuration packages for point-to-site clients connecting to the virtual network through this VPN gateway.
    7. Recreate the connections to the virtual network gateway.

    Check the reference document: https://learn.microsoft.com/en-us/azure/vpn-gateway/gateway-sku-change#workflow

    Hope the above answer helps! Please let us know do you have any further queries.

    Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.