When trying to connect 2 VNet Gateways, my 2nd VNet Gateway is greyed out

Gareth 0 Reputation points
2023-09-07T16:00:49.1733333+00:00

I am new to MS Azure so please be easy on me. I have successfully configured a Site to Site VPN to my on prem network and an Azure Point to site Client VPN.

This is working but we have now decided on a Express Route which I have managed to setup and is working with our on prem network.

I thought I would be able to setup an Azure Point to site Client VPN but cant see the option so I belive I need to keep the current VPN Gateway with the point to site VPN setup and link the ExpressRoute Gateway VNets together.

When I go into a VNet gateway and try to setup a connection between the 2 VNets, the VNet used by the Express route is greyed out, Im not sure why!?

User's image

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,529 questions
Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
373 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ChaitanyaNaykodi-MSFT 26,101 Reputation points Microsoft Employee
    2023-09-11T18:56:09.55+00:00

    @Gareth

    Thank you for sharing the details above and thank you for your patience throughout this process.

    I think the cause of the issue here is that you are trying to use Virtual Network Gateway of type Express Route deployed in in the SR-VNetGW2 to establish a VNET-VNET VPN gateway connection. When you connect a virtual network to another virtual network with a VNet-to-VNet connection type (VNet2VNet), it's similar to creating a Site-to-Site IPsec connection to an on-premises location. VNet-to-VNet connection uses a VPN gateway to provide a secure tunnel with IPsec/IKE and function the same way when communicating. Based on the network diagram above as SR-VNetGW2 contains Virtual Network Gateway of type ExpressRoute hence it is greyed out. You can go through this documentation for additional details on Gateway types.

    In Azure a virtual network can have only two virtual network gateways: one VPN gateway and one ExpressRoute gateway. Based on your requirement you can create an additional Virtual Network Gateway of type VPN in your SR-VNetGW2 VNET and then create the required VNET-VNET VPN gateway connection.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.