Hello @Matthijs de Beer ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know if it is possible to connect a vWAN virtual hub to a VNet with an existing VPN Gateway.
It is not possible to create a VNet connection between your current hub and the vWAN virtual hub, because in order to connect a VNet to a virtual hub, the remote virtual network can't have a gateway. In your case, there is a VPN gateway deployed in the hub VNet, so it cannot be connected to the virtual hub directly. This is by design.
Refer: https://video2.skills-academy.com/en-us/azure/virtual-wan/howto-connect-vnet-hub
However, it is possible to set up connectivity from an Azure VPN Gateway (virtual network gateway) to an Azure Virtual WAN (VPN gateway) using a site-to-site connection. Creating a connection from a VPN Gateway (virtual network gateway) to a Virtual WAN (VPN gateway) is similar to setting up connectivity to a virtual WAN from branch VPN sites.
Below are the steps to connect a VPN Gateway (virtual network gateway) to a Virtual WAN using site-to-site VPN connection:
- Create a Virtual WAN, if you don't have one.
- Create a virtual hub containing the Virtual WAN VPN gateway, if it doesn't exist.
- Configure your already existing VNet VPN gateway to enable the Active-active mode setting, as this is needed for the connection to work.
- Then create two Virtual WAN VPN sites that correspond to the 2 IP addresses of the virtual network gateway you have in your VNet.
- Next, connect both sites to your virtual hub using the steps in the following doc: https://video2.skills-academy.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal#connectsites
- Download the VPN configuration file for each of the sites that you created in the VWAN.
- Then create two Azure VPN local network gateways using the configuration files downloaded from the previous step.
- Create 2 connections between the VPN Gateway local network gateways and virtual network gateway. On the Configuration page, for BGP, select Enabled.
- Then you can test connectivity between the two virtual machines (one on the side of the VPN Gateway/virtual network gateway, and one in a virtual network for the Virtual WAN) and you should be able to ping one VM from the other, unless there are any firewalls or other policies blocking the communication.
Refer: https://video2.skills-academy.com/en-us/azure/virtual-wan/connect-virtual-network-gateway-vwan
https://video2.skills-academy.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal#hub
https://video2.skills-academy.com/en-us/azure/virtual-wan/howto-connect-vnet-hub
Kindly let us know if the above helped or you need further assistance on this issue.
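The VPN Gateway side of the steps above (active-active check, two local network gateways, two BGP-enabled connections) as an added Az PowerShell sketch; it is not part of the original answer. It assumes the Az.Network module and a signed-in session, and every name and value in angle brackets is a placeholder to be filled from the downloaded configuration files.

```powershell
# Added example, not from the original answer. All <...> values are placeholders.
$rg     = '<resource-group>'
$gwName = '<vnet-vpn-gateway-name>'

# One entry per VPN configuration file downloaded from the Virtual WAN (two sites).
# Copy the remote endpoint values from each file by hand.
$remotes = @(
    @{ Name = 'lng-vwan-site1'; PublicIp = '<site1-remote-public-ip>'; BgpPeerIp = '<site1-remote-bgp-peer-ip>' },
    @{ Name = 'lng-vwan-site2'; PublicIp = '<site2-remote-public-ip>'; BgpPeerIp = '<site2-remote-bgp-peer-ip>' }
)
$remoteAsn = '<remote-bgp-asn>'      # numeric ASN of the Virtual WAN side
$sharedKey = '<pre-shared-key>'      # assumption: same key on both site links; do not commit it

$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName

# Prerequisite from the steps: the existing gateway must run in active-active mode.
if (-not $gw.ActiveActive) {
    throw "Gateway '$gwName' is not active-active; enable it before creating the sites."
}
# Active-active should give two IP configurations, one per Virtual WAN VPN site.
if ($gw.IpConfigurations.Count -ne 2) {
    throw "Expected 2 gateway IP configurations, found $($gw.IpConfigurations.Count)."
}

foreach ($r in $remotes) {
    # Local network gateway that represents the Virtual WAN side of the tunnel.
    $lng = New-AzLocalNetworkGateway -Name $r.Name -ResourceGroupName $rg `
        -Location $gw.Location -GatewayIpAddress $r.PublicIp `
        -Asn $remoteAsn -BgpPeeringAddress $r.BgpPeerIp

    # Site-to-site connection with BGP enabled, as the steps require.
    New-AzVirtualNetworkGatewayConnection -Name "cn-$($r.Name)" -ResourceGroupName $rg `
        -Location $gw.Location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
        -ConnectionType IPsec -SharedKey $sharedKey -EnableBgp $true | Out-Null
}

# Check tunnel state and that BGP is on before testing VM-to-VM reachability.
foreach ($r in $remotes) {
    Get-AzVirtualNetworkGatewayConnection -Name "cn-$($r.Name)" -ResourceGroupName $rg |
        Select-Object Name, ConnectionStatus, EnableBgp
}
```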