Create Site to Site VPN from Virtual WAN VPN Gateway to my Customer's Virtual WAN VPN Gateway

Greg Bonk 66 Reputation points
2024-08-14T13:55:45.3866667+00:00

My corporate network uses Virtual WAN and Hub with multiple VNets connected to my hub.

I have a customer that also has a similar configuration of a Virtual WAN and Hub with multiple VNets connected to their hub.

My Customer and I want to create a Site-To-Site VPN between our two networks. We tried a standalone Virtual Network Gateway in a VNET but we are restricted because Virtual Hub already has a Virtual Network Gateway built in.

It seems then the only way to connect our two networks is to create a site-to-site VPN using the Virtual Network Gateways built into our Virtual Hubs.

We have tried creating a VPN Site in our respective WANs and the link seems to connect (green check), but there isn't really any communication that seems to be occurring across the link. Also, I'm wondering because the ASN(s) are identical between my customer's VPN gateway and mine.

Is joining two separate Azure Cloud networks that use Virtual WAN/HUB possible?


Accepted answer
  1. ChaitanyaNaykodi-MSFT 25,841 Reputation points Microsoft Employee
    2024-08-14T23:41:34.47+00:00

    @Greg Bonk

    Thank you for reaching out.

    I understand you wish to connect two different VWANs together using a Site-to-Site VPN connection between the two WAN Hubs VPN Gateway.

    Your understanding from the below statement is correct:

    "but there isn't really any communication that seems to be occurring across the link. Also, I'm wondering because the ASN(s) are identical between my customer's VPN gateway and mine."

    In vWAN VPN Gateways you currently cannot change the ASN of the hub VPN GW, so even though the links show as connected, the BGP connectivity will not happen. In a BGP-enabled VPN, an eBGP connection needs to be established, and to make this happen the two sites need to have different ASNs. So, no BGP-enabled S2S connection is possible between two WAN VPN Gateways.

    You should be able to establish an S2S connection here, but keep BGP disabled. Currently there is no official documentation available for this scenario, but you can refer to this third-party blog by erjosito to help establish this connectivity.

    Meanwhile, if it helps in your scenario, instead of connecting the two WAN Hubs together you can refer to this guide on connecting cross-tenant VNets to a Virtual WAN hub instead.

    https://video2.skills-academy.com/en-us/azure/virtual-wan/cross-tenant-vnet

    It will also help if you could share documentation feedback for this scenario, so that the team can understand your business requirement and create documentation for this case. You can share your feedback here.


    Hope this helps! Please let me know if you have any additional questions. Thank you!

    1 person found this answer helpful.
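
A pre-flight check for the scenario in the accepted answer, as an added example that is not part of the original thread or of any Azure tooling: it compares the two hub gateways' ASNs and, when they match, plans each side's VPN site with BGP disabled and the peer's prefixes listed statically. The `Hub` structure, the hub names, the addresses and the overlap check are assumptions made for illustration; the sample values are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Hub:
    name: str
    asn: int            # BGP ASN of the hub's VPN gateway
    gateway_ip: str     # public IP of the hub's VPN gateway
    prefixes: list      # address spaces reachable behind this hub

def overlapping(a, b):
    """Return every pair of prefixes (one per hub) whose ranges intersect."""
    return [(p, q) for p in a.prefixes for q in b.prefixes
            if ipaddress.ip_network(p).overlaps(ipaddress.ip_network(q))]

def plan_s2s(local, remote):
    """Describe the VPN site each side defines for the other hub."""
    clash = overlapping(local, remote)
    if clash:
        # Assumption: no NAT on the tunnel, so overlapping ranges cannot be routed.
        raise ValueError(f"overlapping address space: {clash}")
    bgp = local.asn != remote.asn   # eBGP needs two different ASNs

    def site(owner, peer):
        return {"defined_in": owner.name, "peer_ip": peer.gateway_ip,
                "enable_bgp": bgp,
                # Without BGP no routes are learned, so list the peer's prefixes.
                "static_prefixes": [] if bgp else list(peer.prefixes)}
    return {"bgp_possible": bgp,
            "sites": [site(local, remote), site(remote, local)]}

# Constructed sample values (documentation IP ranges, made-up hub names).
MINE = Hub("hub-corp", 65515, "203.0.113.10", ["10.10.0.0/16", "10.11.0.0/16"])
CUSTOMER = Hub("hub-customer", 65515, "198.51.100.20", ["10.20.0.0/16"])

if __name__ == "__main__":
    for s in plan_s2s(MINE, CUSTOMER)["sites"]:
        print(s)
```
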
