Azure VPN gateway smooth replacement

Hugues SAUVAGE 21 Reputation points
2020-08-28T10:31:55.123+00:00

Hello,
I want to replace my old legacy VPN gateway with a new-generation VPN gateway.
I only found the process of deleting the existing gateway and recreating a new gateway.
But we have a business that can't wait 45 minutes to create a new VPN gateway. I can only manage a few minutes of disconnection.
Is there another way to change the VPN gateway?
I thought of using a new VNet with a new gateway, peering both VNets and defining UDR routes in each gateway subnet.
So, we can move connection by connection (each VPN connection can have a few hours of disconnection).

Actual
Vnet01 – vpngw1 – 5 S2S vpn connections

Transit
Vnet01 – vpngw1 – 3 S2S vpn connections
Add Vnet02 – vpngw2 – 2 S2S connections
vnet01 – peering – vnet02
UDR in vpngw1 subnet to use vpngw2 for S2S connections in vpngw2
UDR in vpngw2 subnet to use vpngw1 for S2S connections in vpngw1

Final
Vnet01- peer – vnet02 – vpngw2 – 5 S2S connections
vnet02 would be considered as a hub vnet and vnet01 as a spoke vnet.

Do you think it can be done this way?
Have you experienced a better way?

Thanks
Hugues


Accepted answer
  1. Andreas Baumgarten 110.9K Reputation points MVP
    2020-08-28T19:40:16.097+00:00

    For me the transit and final configuration looks good.
    I think the modification of the routing will take just a short time to get activated.
    Just take care that the on-premises environments connected by the site-to-site connections are modified with the correct routing information at the right time as well.

    Maybe this is helpful.

    Regards

    Andreas Baumgarten

    (Please don't forget to Accept as answer if the reply is helpful)


2 additional answers

  1. SaiKishor-MSFT 17,236 Reputation points
    2020-08-31T23:48:37.04+00:00

    @Hugues SAUVAGE

    The transition plan looks good to me for moving the VPNs one by one. What I can suggest further to make this process even more efficient is setting up the VPNs to the new gateway first (before deleting the existing VPN to the older gateway, so that the VPN is still running and passing traffic). Once the new VPN to the new GW comes up, tweak the routes etc. so traffic flips to the newer one. This will result in very little downtime, as the new VPN is already built and the only change you need to make is to add/modify routes for traffic to start using the newer GW, and that's essentially the only downtime you will have.

    I hope this is helpful. If you have any further questions/concerns, please feel free to let us know and we will gladly assist. Thank you!


  2. Hugues SAUVAGE 21 Reputation points
    2020-09-03T10:00:54.243+00:00

    Hello,
    Thanks for the answers.
    I will try in a few months and let you know how it worked.
