You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/vpn-gateway/site-to-site-vpn-private-peering.md
+8-9Lines changed: 8 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,9 +25,9 @@ This feature is only available for standard-IP based gateways.
25
25
26
26
To complete this configuration, verify that you meet the following prerequisites:
27
27
28
-
* You have a functioning ExpressRoute circuit that is linked to the VNet where the VPN gateway is (or will be) created.
28
+
* You have a functioning ExpressRoute circuit that is linked to the virtual network where the VPN gateway is (or will be) created.
29
29
30
-
* You can reach resources over RFC1918 (private) IP in the VNet over the ExpressRoute circuit.
30
+
* You can reach resources over RFC1918 (private) IP in the virtual network over the ExpressRoute circuit.
31
31
32
32
## <aname="routing"></a>Routing
33
33
@@ -45,7 +45,7 @@ Establishing connectivity is straightforward:
45
45
46
46
### Traffic from on-premises networks to Azure
47
47
48
-
For traffic from on-premises networks to Azure, the Azure prefixes are advertised via both the ExpressRoute private peering BGP, and the VPN BGP if BGP is configured on your VPN Gateway. The result is two network routes (paths) toward Azure from the on-premises networks:
48
+
For traffic from on-premises networks to Azure, the Azure prefixes are advertised via both the ExpressRoute private peering BGP, and the VPN BGP if BGP is configured on your VPN gateway. The result is two network routes (paths) toward Azure from the on-premises networks:
49
49
50
50
• One network route over the IPsec-protected path.
51
51
@@ -70,16 +70,15 @@ In both of these examples, Azure will send traffic to 10.0.1.0/24 over the VPN c
70
70
71
71
1. Configure a Site-to-Site connection. For steps, see the [Site-to-site configuration](./tutorial-site-to-site-portal.md) article. Be sure to pick a gateway with a Standard Public IP.
72
72
1. Enable Private IPs on the gateway. Select **Configuration**, then set **Gateway Private IPs** to **Enabled**. Select **Save** to save your changes.
73
-
1. On the **Overview** page, select **See More** to view the private IP address. Write down this information to use later in the configuration steps.
73
+
1. On the **Overview** page, select **See More** to view the private IP address. Write down this information to use later in the configuration steps. If you have an active-active mode VPN gateway, you'll see two private IP addresses.
1. To enable **Use Azure Private IP Address** on the connection, select **Configuration**. Set **Use Azure Private IP Address** to **Enabled**, then select **Save**.
75
+
:::image type="content" source="media/site-to-site-vpn-private-peering/see-more.png" alt-text="Screenshot of the Overview page with See More selected." lightbox="media/site-to-site-vpn-private-peering/see-more.png":::
76
+
1. To enable **Use Azure Private IP Address** on the connection, go to the **Configuration** page. Set **Use Azure Private IP Address** to **Enabled**, then select **Save**.
1. Use the private IP that you wrote down in step 3 as the remote IP on your on-premises firewall to establish the Site-to-Site tunnel over the ExpressRoute private peering.
78
+
1. Use the private IP address that you wrote down in step 3 as the remote IP on your on-premises firewall to establish the Site-to-Site tunnel over the ExpressRoute private peering.
80
79
81
80
> [!NOTE]
82
-
> Configurig BGP on your VPN Gateway is not required to achieve a VPN connection over ExpressRoute private peering.
81
+
> Configuring BGP on your VPN gateway is not required to achieve a VPN connection over ExpressRoute private peering.
0 commit comments