Configure active-active S2S VPN connections with Azure VPN gateways
Article, 10/15/2024
This article walks you through the steps to create active-active cross-premises and VNet-to-VNet connections using the Resource Manager deployment model and PowerShell. You can also configure an active-active gateway in the Azure portal.
To achieve high availability for cross-premises and VNet-to-VNet connectivity, you should deploy multiple VPN gateways and establish multiple parallel connections between your networks and Azure. See Highly Available Cross-Premises and VNet-to-VNet Connectivity for an overview of connectivity options and topology.
This article provides the instructions to set up an active-active cross-premises VPN connection, and active-active connection between two virtual networks.
If you already have a VPN gateway, you can:
You can combine these together to build a more complex, highly available network topology that meets your needs.
Important: The active-active mode is available for all SKUs except Basic or Standard. For more information, see Configuration settings.
The following steps configure your Azure VPN gateway in active-active modes. The key differences between the active-active and active-standby gateways:
The other properties are the same as the non-active-active gateways.
For this exercise, we start by declaring our variables. If you use the "Try It" Cloud Shell, you'll automatically connect to your account. If you use PowerShell locally, use the following example to help you connect:
Connect-AzAccount
Select-AzSubscription -SubscriptionName $Sub1
The following example declares the variables using the values for this exercise. Be sure to replace the values with your own when configuring for production. You can use these variables if you’re running through the steps to become familiar with this type of configuration. Modify the variables, and then copy and paste into your PowerShell console.
$Sub1 = "Ross"
$RG1 = "TestAARG1"
$Location1 = "West US"
$VNetName1 = "TestVNet1"
$FESubName1 = "FrontEnd"
$BESubName1 = "Backend"
$GWSubName1 = "GatewaySubnet"
$VNetPrefix11 = "10.11.0.0/16"
$VNetPrefix12 = "10.12.0.0/16"
$FESubPrefix1 = "10.11.0.0/24"
$BESubPrefix1 = "10.12.0.0/24"
$GWSubPrefix1 = "10.12.255.0/27"
$VNet1ASN = 65010
$GWName1 = "VNet1GW"
$GW1IPName1 = "VNet1GWIP1"
$GW1IPName2 = "VNet1GWIP2"
$GW1IPconf1 = "gw1ipconf1"
$GW1IPconf2 = "gw1ipconf2"
$Connection12 = "VNet1toVNet2"
$Connection151 = "VNet1toSite5_1"
$Connection152 = "VNet1toSite5_2"
Use the following example to create a new resource group:
New-AzResourceGroup -Name $RG1 -Location $Location1
The following example creates a virtual network named TestVNet1 and three subnets, one called GatewaySubnet, one called FrontEnd, and one called Backend. When substituting values, it’s important that you always name your gateway subnet specifically GatewaySubnet. If you name it something else, your gateway creation fails.
$fesub1 = New-AzVirtualNetworkSubnetConfig -Name $FESubName1 -AddressPrefix $FESubPrefix1
$besub1 = New-AzVirtualNetworkSubnetConfig -Name $BESubName1 -AddressPrefix $BESubPrefix1
$gwsub1 = New-AzVirtualNetworkSubnetConfig -Name $GWSubName1 -AddressPrefix $GWSubPrefix1
New-AzVirtualNetwork -Name $VNetName1 -ResourceGroupName $RG1 -Location $Location1 -AddressPrefix $VNetPrefix11,$VNetPrefix12 -Subnet $fesub1,$besub1,$gwsub1
Request two public IP addresses to be allocated to the gateway you’ll create for your VNet. You’ll also define the subnet and IP configurations required.
$gw1pip1 = New-AzPublicIpAddress -Name $GW1IPName1 -ResourceGroupName $RG1 -Location $Location1 -AllocationMethod Dynamic
$gw1pip2 = New-AzPublicIpAddress -Name $GW1IPName2 -ResourceGroupName $RG1 -Location $Location1 -AllocationMethod Dynamic
$vnet1 = Get-AzVirtualNetwork -Name $VNetName1 -ResourceGroupName $RG1
$subnet1 = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet1
$gw1ipconf1 = New-AzVirtualNetworkGatewayIpConfig -Name $GW1IPconf1 -Subnet $subnet1 -PublicIpAddress $gw1pip1
$gw1ipconf2 = New-AzVirtualNetworkGatewayIpConfig -Name $GW1IPconf2 -Subnet $subnet1 -PublicIpAddress $gw1pip2
Create the virtual network gateway for TestVNet1. There are two GatewayIpConfig entries, and the EnableActiveActiveFeature flag is set. Creating a gateway can take a while (45 minutes or more to complete, depending on the selected SKU).
New-AzVirtualNetworkGateway -Name $GWName1 -ResourceGroupName $RG1 -Location $Location1 -IpConfigurations $gw1ipconf1,$gw1ipconf2 -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1 -Asn $VNet1ASN -EnableActiveActiveFeature -Debug
Once the gateway is created, you need to obtain the BGP Peer IP address on the Azure VPN Gateway. This address is needed to configure the Azure VPN Gateway as a BGP Peer for your on-premises VPN devices.
$gw1pip1 = Get-AzPublicIpAddress -Name $GW1IPName1 -ResourceGroupName $RG1
$gw1pip2 = Get-AzPublicIpAddress -Name $GW1IPName2 -ResourceGroupName $RG1
$vnet1gw = Get-AzVirtualNetworkGateway -Name $GWName1 -ResourceGroupName $RG1
Use the following cmdlets to show the two public IP addresses allocated for your VPN gateway, and their corresponding BGP Peer IP addresses for each gateway instance:
PS D:\> $gw1pip1.IpAddress
198.51.100.5
PS D:\> $gw1pip2.IpAddress
203.0.113.129
PS D:\> $vnet1gw.BgpSettingsText
{
"Asn": 65010,
"BgpPeeringAddress": "10.12.255.4,10.12.255.5",
"PeerWeight": 0
}
The order of the public IP addresses for the gateway instances and the corresponding BGP peering addresses is the same. In this example, the gateway VM with public IP 198.51.100.5 uses 10.12.255.4 as its BGP peering address, and the gateway with 203.0.113.129 uses 10.12.255.5. This information is needed when you set up your on-premises VPN devices connecting to the active-active gateway. The gateway is shown in the following diagram with all addresses:
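Reading the two values off separate cmdlet outputs and pairing them by hand is where mistakes creep in, so the following added example (not part of the original article) does the pairing in code. It assumes the gateway from Part 1 exists, that you're signed in to the subscription holding it, and relies on the documented guarantee that the public IP list and the BgpPeeringAddress list are in the same order. The function name Get-ActiveActivePeerMap is an assumption of this example.

```powershell
# Added example, not from the original article. Pairs each gateway instance's
# public IP with its BGP peering address, in the order Azure reports them.
function Get-ActiveActivePeerMap {
    param(
        [Parameter(Mandatory)][string]$GatewayName,
        [Parameter(Mandatory)][string]$ResourceGroupName
    )
    $gw = Get-AzVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGroupName
    if (-not $gw.ActiveActive) {
        throw "Gateway '$GatewayName' is not in active-active mode."
    }
    # A single BgpPeeringAddress string carries both instance addresses, comma-separated.
    $peerIps = $gw.BgpSettings.BgpPeeringAddress -split ',' | ForEach-Object { $_.Trim() }
    if ($peerIps.Count -ne $gw.IpConfigurations.Count) {
        throw "Expected one BGP peering address per IP configuration; got $($peerIps.Count) for $($gw.IpConfigurations.Count)."
    }
    for ($i = 0; $i -lt $gw.IpConfigurations.Count; $i++) {
        # The IP configuration only holds a resource ID; resolve it to the allocated address.
        $pipId = $gw.IpConfigurations[$i].PublicIpAddress.Id
        if ($pipId -notmatch '/resourceGroups/([^/]+)/.*/publicIPAddresses/([^/]+)$') {
            throw "Unexpected public IP resource ID: $pipId"
        }
        $pip = Get-AzPublicIpAddress -Name $Matches[2] -ResourceGroupName $Matches[1]
        [pscustomobject]@{
            Instance        = $i + 1
            IpConfiguration = $gw.IpConfigurations[$i].Name
            PublicIp        = $pip.IpAddress
            BgpPeeringIp    = $peerIps[$i]
            Asn             = $gw.BgpSettings.Asn
        }
    }
}

# Each row is exactly what one on-premises tunnel definition needs:
# the tunnel endpoint (PublicIp) and the BGP neighbor behind it (BgpPeeringIp).
Get-ActiveActivePeerMap -GatewayName $GWName1 -ResourceGroupName $RG1 | Format-Table -AutoSize
```

With the values from this exercise the table shows 198.51.100.5 next to 10.12.255.4 and 203.0.113.129 next to 10.12.255.5; keep the output, since the same two pairs are entered on every on-premises device in the later steps.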
Once the gateway is created, you can use it to establish active-active cross-premises or VNet-to-VNet connections. The following sections walk through the steps to complete the exercise.
To establish a cross-premises connection, you need to create a local network gateway to represent your on-premises VPN device, and a connection to connect the Azure VPN gateway with the local network gateway. In this example, the Azure VPN gateway is in active-active mode. As a result, even though there's only one on-premises VPN device (local network gateway) and one connection resource, both Azure VPN gateway instances establish S2S VPN tunnels with the on-premises device.
Before proceeding, make sure you have completed Part 1 of this exercise.
This exercise will continue to build the configuration shown in the diagram. Be sure to replace the values with the ones that you want to use for your configuration.
$RG5 = "TestAARG5"
$Location5 = "West US"
$LNGName51 = "Site5_1"
$LNGPrefix51 = "10.52.255.253/32"
$LNGIP51 = "192.0.2.13"
$LNGASN5 = 65050
$BGPPeerIP51 = "10.52.255.253"
A couple of things to note regarding the local network gateway parameters:
Before you continue, make sure you're still connected to Subscription 1. Create the resource group if it isn't yet created.
New-AzResourceGroup -Name $RG5 -Location $Location5
New-AzLocalNetworkGateway -Name $LNGName51 -ResourceGroupName $RG5 -Location $Location5 -GatewayIpAddress $LNGIP51 -AddressPrefix $LNGPrefix51 -Asn $LNGASN5 -BgpPeeringAddress $BGPPeerIP51
$vnet1gw = Get-AzVirtualNetworkGateway -Name $GWName1 -ResourceGroupName $RG1
$lng5gw1 = Get-AzLocalNetworkGateway -Name $LNGName51 -ResourceGroupName $RG5
In this step, you create the connection from TestVNet1 to Site5_1 with "EnableBGP" set to $true.
New-AzVirtualNetworkGatewayConnection -Name $Connection151 -ResourceGroupName $RG1 -VirtualNetworkGateway1 $vnet1gw -LocalNetworkGateway2 $lng5gw1 -Location $Location1 -ConnectionType IPsec -SharedKey 'AzureA1b2C3' -EnableBGP $True
The following example lists the parameters that you enter into the BGP configuration section on your on-premises VPN device for this exercise:
- Site5 ASN : 65050
- Site5 BGP IP : 10.52.255.253
- Prefixes to announce : (for example) 10.51.0.0/16 and 10.52.0.0/16
- Azure VNet ASN : 65010
- Azure VNet BGP IP 1 : 10.12.255.4 for tunnel to 198.51.100.5
- Azure VNet BGP IP 2 : 10.12.255.5 for tunnel to 203.0.113.129
- Static routes : Destination 10.12.255.4/32, nexthop the VPN tunnel interface to 198.51.100.5
  Destination 10.12.255.5/32, nexthop the VPN tunnel interface to 203.0.113.129
- eBGP Multihop : Ensure the "multihop" option for eBGP is enabled on your device if needed
The connection should be established after a few minutes, and the BGP peering session will start once the IPsec connection is established. This example so far has configured only one on-premises VPN device, resulting in the following diagram:
If you have two VPN devices at the same on-premises network, you can achieve dual redundancy by connecting the Azure VPN gateway to the second VPN device.
The gateway IP address, address prefix, and BGP peering address for the second local network gateway must not overlap with the previous local network gateway for the same on-premises network.
$LNGName52 = "Site5_2"
$LNGPrefix52 = "10.52.255.254/32"
$LNGIP52 = "192.0.2.14"
$BGPPeerIP52 = "10.52.255.254"
New-AzLocalNetworkGateway -Name $LNGName52 -ResourceGroupName $RG5 -Location $Location5 -GatewayIpAddress $LNGIP52 -AddressPrefix $LNGPrefix52 -Asn $LNGASN5 -BgpPeeringAddress $BGPPeerIP52
Create the connection from TestVNet1 to Site5_2 with "EnableBGP" set to $true.
$lng5gw2 = Get-AzLocalNetworkGateway -Name $LNGName52 -ResourceGroupName $RG5
New-AzVirtualNetworkGatewayConnection -Name $Connection152 -ResourceGroupName $RG1 -VirtualNetworkGateway1 $vnet1gw -LocalNetworkGateway2 $lng5gw2 -Location $Location1 -ConnectionType IPsec -SharedKey 'AzureA1b2C3' -EnableBGP $True
Similarly, the following example lists the parameters you’ll enter into the second VPN device:
- Site5 ASN : 65050
- Site5 BGP IP : 10.52.255.254
- Prefixes to announce : (for example) 10.51.0.0/16 and 10.52.0.0/16
- Azure VNet ASN : 65010
- Azure VNet BGP IP 1 : 10.12.255.4 for tunnel to 198.51.100.5
- Azure VNet BGP IP 2 : 10.12.255.5 for tunnel to 203.0.113.129
- Static routes : Destination 10.12.255.4/32, nexthop the VPN tunnel interface to 198.51.100.5
  Destination 10.12.255.5/32, nexthop the VPN tunnel interface to 203.0.113.129
- eBGP Multihop : Ensure the "multihop" option for eBGP is enabled on your device if needed
Once the connections (tunnels) are established, you'll have dual redundant VPN devices and tunnels connecting your on-premises network and Azure:
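The article says the tunnels come up after a few minutes and BGP follows; the following added example (not part of the original article) is how to confirm that rather than assume it. It reads the IPsec status of each connection and the BGP peer table of the gateway, so a tunnel or peering that never came up, or a redundant path that silently stays down, is visible before you rely on it. It assumes the names from this exercise and the Az.Network cmdlets Get-AzVirtualNetworkGatewayConnection and Get-AzVirtualNetworkGatewayBGPPeerStatus; the function name Get-ActiveActiveHealth is this example's own.

```powershell
# Added example, not from the original article. Reports connection status and
# BGP peer state for an active-active gateway and its cross-premises connections.
function Get-ActiveActiveHealth {
    param(
        [Parameter(Mandatory)][string]$GatewayName,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string[]]$ConnectionNames
    )
    $connections = foreach ($name in $ConnectionNames) {
        $c = Get-AzVirtualNetworkGatewayConnection -Name $name -ResourceGroupName $ResourceGroupName
        [pscustomobject]@{
            Connection   = $c.Name
            Status       = $c.ConnectionStatus      # Connected, Connecting, NotConnected, Unknown
            BgpEnabled   = $c.EnableBgp             # must be True for every connection here
            IngressBytes = $c.IngressBytesTransferred
            EgressBytes  = $c.EgressBytesTransferred
        }
    }
    # One row per neighbor as seen from each gateway instance (LocalAddress).
    # With both on-premises devices connected, each site BGP IP should appear
    # as Neighbor for both 10.12.255.4 and 10.12.255.5 in this exercise.
    $peers = Get-AzVirtualNetworkGatewayBGPPeerStatus -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroupName |
        Select-Object LocalAddress, Neighbor, Asn, State, ConnectedDuration, RoutesReceived
    [pscustomobject]@{ Connections = $connections; BgpPeers = $peers }
}

$health = Get-ActiveActiveHealth -GatewayName $GWName1 -ResourceGroupName $RG1 -ConnectionNames $Connection151, $Connection152
$health.Connections | Format-Table -AutoSize
$health.BgpPeers    | Format-Table -AutoSize

# Anything not Connected means you don't yet have the redundancy the diagram promises.
$down = @($health.Connections | Where-Object Status -ne 'Connected') +
        @($health.BgpPeers    | Where-Object State  -ne 'Connected')
if ($down.Count -gt 0) {
    Write-Warning "$($down.Count) connection(s) or BGP peer(s) are not in the Connected state."
}
```

A connection that reports Connected while one of the expected BGP rows is missing usually means the on-premises device brought up the tunnel to one gateway instance but not the other; check the static routes for both /32 peering addresses from the device parameter list above.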
This section creates an active-active VNet-to-VNet connection with BGP. The following instructions continue from the previous steps. You must complete Part 1 to create and configure TestVNet1 and the VPN gateway with BGP.
It's important to make sure that the IP address space of the new virtual network, TestVNet2, doesn't overlap with any of your VNet ranges.
In this example, the virtual networks belong to the same subscription. You can also set up VNet-to-VNet connections between different subscriptions; refer to Configure a VNet-to-VNet connection for details. Make sure you add "-EnableBgp $true" when creating the connections to enable BGP.
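Both this section (TestVNet2 must not overlap your existing VNet ranges) and the second local network gateway above (its prefix and BGP peering address must not overlap the first) depend on an overlap check that Azure won't always do for you before routes start flapping. The following added example (not part of the original article) implements that check in plain PowerShell for IPv4 prefixes, using the address ranges from this exercise as constructed input. The function names ConvertTo-IPv4Range and Test-PrefixOverlap are this example's own.

```powershell
# Added example, not from the original article. Pure IPv4 CIDR arithmetic;
# no Azure calls, so it can run before anything is created.
function ConvertTo-IPv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    if (-not ($Cidr -match '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$')) { throw "Invalid IPv4 CIDR '$Cidr'." }
    $bits = [int]$Matches[2]
    if ($bits -gt 32) { throw "Invalid prefix length in '$Cidr'." }
    # Fold the big-endian address bytes into an unsigned integer (host-endianness independent).
    $addr = [uint64]0
    foreach ($b in [System.Net.IPAddress]::Parse($Matches[1]).GetAddressBytes()) { $addr = $addr * 256 + $b }
    $size  = [uint64][Math]::Pow(2, 32 - $bits)     # number of addresses in the block
    $start = $addr - ($addr % $size)                  # align to the block boundary
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-PrefixOverlap {
    param(
        [Parameter(Mandatory)][string[]]$Existing,
        [Parameter(Mandatory)][string[]]$Proposed
    )
    # Two ranges overlap when each one starts no later than the other ends.
    $conflicts = @(foreach ($p in $Proposed) {
        $pr = ConvertTo-IPv4Range $p
        foreach ($e in $Existing) {
            $er = ConvertTo-IPv4Range $e
            if ($pr.Start -le $er.End -and $er.Start -le $pr.End) {
                [pscustomobject]@{ Proposed = $p; OverlapsWith = $e }
            }
        }
    })
    return ,$conflicts    # empty array means no overlap
}

# Constructed input from this exercise: TestVNet1's address space plus the
# prefixes Site5 announces and the two local network gateway peer prefixes.
$inUse = '10.11.0.0/16', '10.12.0.0/16', '10.51.0.0/16', '10.52.0.0/16', '10.52.255.253/32', '10.52.255.254/32'

# TestVNet2 as planned in this section: no conflicts expected.
$hits = Test-PrefixOverlap -Existing $inUse -Proposed '10.21.0.0/16', '10.22.0.0/16'
if ($hits.Count -eq 0) { "TestVNet2 address space is clear of existing ranges." }
else { $hits | Format-Table -AutoSize; throw "Resolve the overlaps before creating TestVNet2." }

# A deliberately bad plan (constructed): a subnet inside TestVNet1's 10.12.0.0/16.
Test-PrefixOverlap -Existing $inUse -Proposed '10.12.200.0/24' | Format-Table -AutoSize
```

Run the first check against every VNet and local network gateway prefix you already route to the gateway, not just the ones in this exercise; a single overlapping /16 is enough to make BGP prefer the wrong path for part of your address space.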
Be sure to replace the values with the ones that you want to use for your configuration.
$RG2 = "TestAARG2"
$Location2 = "East US"
$VNetName2 = "TestVNet2"
$FESubName2 = "FrontEnd"
$BESubName2 = "Backend"
$GWSubName2 = "GatewaySubnet"
$VNetPrefix21 = "10.21.0.0/16"
$VNetPrefix22 = "10.22.0.0/16"
$FESubPrefix2 = "10.21.0.0/24"
$BESubPrefix2 = "10.22.0.0/24"
$GWSubPrefix2 = "10.22.255.0/27"
$VNet2ASN = 65020
$GWName2 = "VNet2GW"
$GW2IPName1 = "VNet2GWIP1"
$GW2IPconf1 = "gw2ipconf1"
$GW2IPName2 = "VNet2GWIP2"
$GW2IPconf2 = "gw2ipconf2"
$Connection21 = "VNet2toVNet1"
$Connection12 = "VNet1toVNet2"
New-AzResourceGroup -Name $RG2 -Location $Location2
$fesub2 = New-AzVirtualNetworkSubnetConfig -Name $FESubName2 -AddressPrefix $FESubPrefix2
$besub2 = New-AzVirtualNetworkSubnetConfig -Name $BESubName2 -AddressPrefix $BESubPrefix2
$gwsub2 = New-AzVirtualNetworkSubnetConfig -Name $GWSubName2 -AddressPrefix $GWSubPrefix2
New-AzVirtualNetwork -Name $VNetName2 -ResourceGroupName $RG2 -Location $Location2 -AddressPrefix $VNetPrefix21,$VNetPrefix22 -Subnet $fesub2,$besub2,$gwsub2
Request two public IP addresses to be allocated to the gateway you’ll create for your VNet. You’ll also define the subnet and IP configurations required.
$gw2pip1 = New-AzPublicIpAddress -Name $GW2IPName1 -ResourceGroupName $RG2 -Location $Location2 -AllocationMethod Dynamic
$gw2pip2 = New-AzPublicIpAddress -Name $GW2IPName2 -ResourceGroupName $RG2 -Location $Location2 -AllocationMethod Dynamic
$vnet2 = Get-AzVirtualNetwork -Name $VNetName2 -ResourceGroupName $RG2
$subnet2 = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet2
$gw2ipconf1 = New-AzVirtualNetworkGatewayIpConfig -Name $GW2IPconf1 -Subnet $subnet2 -PublicIpAddress $gw2pip1
$gw2ipconf2 = New-AzVirtualNetworkGatewayIpConfig -Name $GW2IPconf2 -Subnet $subnet2 -PublicIpAddress $gw2pip2
Create the VPN gateway with the AS number and the “EnableActiveActiveFeature” flag. You must override the default ASN on your Azure VPN gateways. The ASNs for the connected VNets must be different to enable BGP and transit routing.
New-AzVirtualNetworkGateway -Name $GWName2 -ResourceGroupName $RG2 -Location $Location2 -IpConfigurations $gw2ipconf1,$gw2ipconf2 -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1 -Asn $VNet2ASN -EnableActiveActiveFeature
In this example, both gateways are in the same subscription. You can complete this step in the same PowerShell session.
Make sure you sign in and connect to Subscription 1.
$vnet1gw = Get-AzVirtualNetworkGateway -Name $GWName1 -ResourceGroupName $RG1
$vnet2gw = Get-AzVirtualNetworkGateway -Name $GWName2 -ResourceGroupName $RG2
In this step, you create the connection from TestVNet1 to TestVNet2, and the connection from TestVNet2 to TestVNet1.
New-AzVirtualNetworkGatewayConnection -Name $Connection12 -ResourceGroupName $RG1 -VirtualNetworkGateway1 $vnet1gw -VirtualNetworkGateway2 $vnet2gw -Location $Location1 -ConnectionType Vnet2Vnet -SharedKey 'AzureA1b2C3' -EnableBgp $True
New-AzVirtualNetworkGatewayConnection -Name $Connection21 -ResourceGroupName $RG2 -VirtualNetworkGateway1 $vnet2gw -VirtualNetworkGateway2 $vnet1gw -Location $Location2 -ConnectionType Vnet2Vnet -SharedKey 'AzureA1b2C3' -EnableBgp $True
Important: Be sure to enable BGP for BOTH connections.
After completing these steps, the connection will be established in a few minutes, and the BGP peering session will be up once the VNet-to-VNet connection is completed with dual redundancy:
When you change an active-standby gateway to active-active, you create another public IP address, then add a second Gateway IP configuration. This section helps you change an existing Azure VPN gateway from active-standby to active-active mode, or vice versa using PowerShell. You can also change a gateway in the Azure portal on the Configuration page for your virtual network gateway.
The following example converts an active-standby gateway into an active-active gateway.
Replace the following parameters used for the examples with the settings that you require for your own configuration, then declare these variables.
$GWName = "TestVNetAA1GW"
$VNetName = "TestVNetAA1"
$RG = "TestVPNActiveActive01"
$GWIPName2 = "gwpip2"
$GWIPconf2 = "gw1ipconf2"
After declaring the variables, you can copy and paste this example to your PowerShell console.
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gw = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
$location = $gw.Location
$gwpip2 = New-AzPublicIpAddress -Name $GWIPName2 -ResourceGroupName $RG -Location $location -AllocationMethod Dynamic
Add-AzVirtualNetworkGatewayIpConfig -VirtualNetworkGateway $gw -Name $GWIPconf2 -Subnet $subnet -PublicIpAddress $gwpip2
In this step, you enable active-active mode and update the gateway. In the example, the VPN gateway is currently using a legacy Standard SKU. However, active-active doesn’t support the Standard SKU. To resize the legacy SKU to one that is supported (in this case, HighPerformance), you simply specify the supported legacy SKU that you want to use.
You can’t change a legacy SKU to one of the new SKUs using this step. You can only resize a legacy SKU to another supported legacy SKU. For example, you can’t change the SKU from Standard to VpnGw1 (even though VpnGw1 is supported for active-active) because Standard is a legacy SKU and VpnGw1 is a current SKU. For more information about resizing and migrating SKUs, see Gateway SKUs.
If you want to resize a current SKU, for example VpnGw1 to VpnGw3, you can do so using this step because the SKUs are in the same SKU family. To do so, you would use the value: -GatewaySku VpnGw3
When you’re using this in your environment, if you don’t need to resize the gateway, you won’t need to specify the -GatewaySku. Notice that in this step, you must set the gateway object in PowerShell to trigger the actual update. This update can take 30 to 45 minutes, even if you aren’t resizing your gateway.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -EnableActiveActiveFeature -GatewaySku HighPerformance
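Because the update takes 30 to 45 minutes and fails late on an unsupported SKU combination, it's worth checking the gateway before running the conversion above. The following added example (not part of the original article) reports the gateway's current mode, SKU and IP configuration count, and refuses the two combinations the article rules out: Basic or Standard can't run active-active, and a legacy SKU such as Standard can't be changed to a current SKU such as VpnGw1 in this step. The SKU lists are taken only from the examples named in this article; consult Gateway SKUs for the full set. The function name Test-ActiveActiveReadiness is this example's own.

```powershell
# Added example, not from the original article. Pre-flight check for the
# active-standby to active-active conversion; makes no changes to the gateway.
function Test-ActiveActiveReadiness {
    param(
        [Parameter(Mandatory)][string]$GatewayName,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [string]$TargetSku    # optional: the value you intend to pass to -GatewaySku
    )
    $gw = Get-AzVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGroupName
    $currentSku   = $gw.Sku.Name
    $effectiveSku = if ($TargetSku) { $TargetSku } else { $currentSku }
    $problems = @()

    if ($gw.GatewayType -ne 'Vpn') {
        $problems += "Gateway type is '$($gw.GatewayType)', not Vpn."
    }
    # Per the article: active-active is available on all SKUs except Basic and Standard.
    if ($effectiveSku -in 'Basic', 'Standard') {
        $problems += "SKU '$effectiveSku' doesn't support active-active; resize to a supported SKU."
    }
    # Per the article: a legacy SKU (Standard, HighPerformance) can only be resized
    # within the legacy family in this step, not to the VpnGw* family.
    $legacy = 'Standard', 'HighPerformance'
    if ($TargetSku -and ($currentSku -in $legacy) -and ($TargetSku -like 'VpnGw*')) {
        $problems += "Can't change legacy SKU '$currentSku' to '$TargetSku' here; pick a supported legacy SKU instead."
    }

    [pscustomobject]@{
        Gateway       = $gw.Name
        ActiveActive  = $gw.ActiveActive
        CurrentSku    = $currentSku
        TargetSku     = $effectiveSku
        IpConfigCount = $gw.IpConfigurations.Count   # 2 after the Add-AzVirtualNetworkGatewayIpConfig step
        Ready         = (-not $gw.ActiveActive) -and ($problems.Count -eq 0)
        Problems      = $problems
    }
}

# Uses the variables declared above for this section.
$check = Test-ActiveActiveReadiness -GatewayName $GWName -ResourceGroupName $RG -TargetSku 'HighPerformance'
$check | Format-List
if ($check.ActiveActive) { "Gateway is already active-active; nothing to convert." }
elseif (-not $check.Ready) { throw ($check.Problems -join ' ') }
```

If Ready is True and IpConfigCount is still 1, the second IP configuration hasn't been added yet; the Set-AzVirtualNetworkGateway call needs both configurations in place before it can enable active-active.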
Replace the following parameters used for the examples with the settings that you require for your own configuration, then declare these variables.
$GWName = "TestVNetAA1GW"
$RG = "TestVPNActiveActive01"
After declaring the variables, get the name of the IP configuration you want to remove.
$gw = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
$ipconfname = $gw.IpConfigurations[1].Name
Use this example to remove the gateway IP configuration and disable active-active mode. Notice that you must set the gateway object in PowerShell to trigger the actual update.
Remove-AzVirtualNetworkGatewayIpConfig -Name $ipconfname -VirtualNetworkGateway $gw
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -DisableActiveActiveFeature
This update can take up to 30 to 45 minutes.
Once your connection is complete, you can add virtual machines to your virtual networks. See Create a Virtual Machine for steps.