Fix Acrolinx issues

tracsman · tracsman · commit 5485dcb3e344 · 2025-07-16T17:47:22.000-07:00
diff --git a/articles/vpn-gateway/site-to-site-high-bandwidth-tunnel.md b/articles/vpn-gateway/site-to-site-high-bandwidth-tunnel.md
@@ -14,14 +14,14 @@ ms.date: 07/14/2025
 # Create a Site-to-Site High Bandwidth tunnels in the Azure portal
 The Azure VPN Gateway High Bandwidth tunnels feature, a part of the Advanced Connectivity set of features, introduces significant improvements in tunnel throughput, enabling high-performance IPsec connections between the on-premises network and the Azure VNet. These High Bandwidth tunnels are established between a VPN device on-premises and the Azure VPN Gateway deployed in the Azure VNet, transiting through an ExpressRoute private peering. Utilizing private IP address networks on-premises, these tunnels create a secure overlay network between the on-premises infrastructure and the Azure VNet.
 
-The High Bandwidth tunnels meet customer security compliance requirements by providing end-to-end encryption, effectively overcoming encryption bottlenecks. It allows for the establishment of four tunnels between the Azure VPN Gateway and the on-premises VPN device. The High Bandwidth tunnels allows the creation of two Connections with two IPsec tunnels for each Connection. Each IPsec tunnel can deliver a throughput of 5Gbps, achieving a total encrypted aggregate throughput of 20Gbps. The network diagram clarifies the configuration:
+The High Bandwidth tunnels meet customer security compliance requirements by providing end-to-end encryption, effectively overcoming encryption bottlenecks. It allows for the establishment of four tunnels between the Azure VPN Gateway and the on-premises VPN device. The High Bandwidth tunnels allow for the creation of two Connections with two IPsec tunnels for each Connection. Each IPsec tunnel can deliver a throughput of 5 Gbps, achieving a total encrypted aggregate throughput of 20 Gbps. The network diagram clarifies the configuration:
 
 ![1]
 
 ## Prerequisites
 The VPN High Bandwidth tunnels require the presence of FastPath in an ExpressRoute Connection. Currently FastPath is supported only in ExpressRoute Direct Port Pair. Therefore, the ExpressRoute circuit required to be deployed on ExpressRoute Direct port pair for the correct setting of the solution.
 
-This article assumes the presence in the Azure subscription of an ExpressRoute circuit configured on Direct port pair with private peering, along with a Virtual Network (VNet). In the article the Azure VNet is created with address space 10.1.0.0./16 and Gateway subnet 10.1.0.0/26
+This article assumes the presence in the Azure subscription of an ExpressRoute circuit configured on Direct port pair with private peering, along with a Virtual Network (VNet). The Azure VNet is created with address space 10.1.0.0./16 and Gateway subnet 10.1.0.0/26
 
 The full list of required objects are:
  - ExpressRoute Direct Port
@@ -53,7 +53,7 @@ Set-AzVirtualNetworkGatewayConnection  -VirtualNetworkGatewayConnection $connect
 ```
 After enabling FastPath, the value of **$connection.ExpressRouteGatewayBypass** should have the value **$true**.
 
-In the Azure management portal navigate to the Connections blade of your ExpressRoute circuit. Under Settings-Configuration, verified the FastPath setting to Enable
+In the Azure management portal, navigate to the Connections blade of your ExpressRoute circuit. Under Settings-Configuration, verified the FastPath setting to Enable
 
 ![3]
 
@@ -66,9 +66,9 @@ Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connecti
 At this stage of deployment, the Azure VNet is connected to the on-premises networks, and ExpressRoute is properly configured to support High Bandwidth tunnels.
 
 ## <a name="on-premises network"></a>Advertisement of the on-premises network to the ExpressRoute circuit
-IPsec tunnels are established via transit through ExpressRoute private peering. To enable these tunnels, the private IP addresses of the on-premises VPN devices must be advertised from the customer’s edge routers to the Microsoft Enterprise Edge (MSEE) routers. If other on-prem networks are advertised to ExpressRoute, this runs the risk of "leaking" these routes to the VNet which could bypass the VPN Gateway and traffic could go directly to the ExpressRoute gateway, bypassing encryption. So it's important to only advertise the VPN Device tunnel IPs over ExpressRoute.
+IPsec tunnels are established via transit through ExpressRoute private peering. To enable these tunnels, the private IP addresses of the on-premises VPN devices must be advertised from the customer’s edge routers to the Microsoft Enterprise Edge (MSEE) routers. If other on-prem networks are advertised to ExpressRoute, this runs the risk of "leaking" these routes to the VNet, which could bypass the VPN Gateway and traffic could go directly to the ExpressRoute gateway, bypassing encryption. So it's important to only advertise the VPN Device tunnel IPs over ExpressRoute.
 
-The routes between the VPN Device and the VPN Gateway should contain the detailed on-prem networks, this can be via static routes or BGP, but keep your on-prem networks in this routeing "channel" to ensure Azure traffic to on-prem is encrypted before entering the ExpressRoute data path (inside the VPN tunnel).
+The routes between the VPN Device and the VPN Gateway should contain the detailed on-prem networks, routing can be via static routes or Border Gateway Protocol (BGP). By keeping your on-prem networks in this routing "channel" you'll ensure Azure traffic to on-prem is encrypted before entering the ExpressRoute data path, traveling inside the VPN tunnel.
 
 If you do add routes to ExpressRoute that you wish to encrypt, a UDR will be needed on the VNets pointing to the VPN Gateway as the next hop to ensure that traffic is put into the encrypted tunnel before transiting ExpressRoute.
 
@@ -102,11 +102,11 @@ In the Azure portal:
 
 > [!NOTE]
 > To select the High Bandwidth VPN Gateway in the Azure portal, enable the **Enable Advanced Connectivity** property during gateway creation. When this option is selected, Azure automatically configures the gateway in active-active mode.
->  High Bandwidth tunnels can be deployed with static routing or BGP. The High Bandwidth tunnels is supported only in VPN Gateway route-based.
+>  High Bandwidth tunnels can be deployed with static routing or BGP. The High Bandwidth tunnels are supported only in VPN Gateway route-based gateways.
 
 A gateway can take 45 minutes or more to fully create and deploy. You can see the deployment status on the **Overview** page for your gateway.
 
-In a High Bandwidth VPN Gateway setup, traffic is routed through the private IP addresses of the VPN Gateway instance. Although two public IP addresses are still assigned during deployment, their exclusive function is to facilitate communication with the Azure control plane. These public IPs are not involved in establishing IPsec tunnels.
+In a High Bandwidth VPN Gateway setup, traffic is routed through the private IP addresses of the VPN Gateway instance. Although two public IP addresses are still assigned during deployment, their exclusive function is to facilitate communication with the Azure control plane. These public IPs aren't involved in establishing IPsec tunnels.
 
 ## <a name="LocalNetworkGateway"></a>Create a local network gateway
 
@@ -135,7 +135,7 @@ Create two local network gateways by using the following values:
 
 ![8]
 
-After the deployment of the two Local Network Gateways you are ready to proceed with VPN Connections.
+After the deployment of the two Local Network Gateways you're ready to proceed with VPN Connections.
 
 ## <a name="CreateConnection"></a>Create VPN Connections
 The VPN High Bandwidth Gateway supports a maximum of two VPN Connections. 
@@ -146,7 +146,7 @@ Create two Connections by using the following values:
 * **Name**: vpnConn1
 * **Virtual network gateway**: vpnHB
 * **Local network gateway name**: vpnConn1
-* **Shared key**: For this example, **abc123** is used as an exampole. But you can use whatever is compatible with your VPN hardware. The important thing is that the values match on both sides of the connection.
+* **Shared key**: For this example, **abc123** is used as an example. But you can use whatever is compatible with your VPN hardware. The important thing is that the values match on both sides of the connection.
 
 * **Connection type**: Site-to-site
 * **Name**: vpnConn2
@@ -252,7 +252,7 @@ You can customize site-to-site configurations in various ways. For more informat
 
 ## Clean up resources
 
-If you are not going to continue to use these resources, your should delete them.
+If you aren't going to continue to use these resources, you should delete them.
 
 1. Enter the name of your resource group in the **Search** box at the top of the portal and select it from the search results.
 1. Select **Delete resource group**.
@@ -265,7 +265,7 @@ For more information about VPN Gateway, see the [VPN Gateway FAQ](vpn-gateway-vp
 <!--Link References-->
 
 <!--Image References-->
-[1]: ./media/site-to-site-high-bandwidth-tunnel/transit-hb-tunnels.png "transit High Bandwidth IPsec tunnels"
+[1]: ./media/site-to-site-high-bandwidth-tunnel/transit-hb-tunnels.png "Transit High Bandwidth IPsec tunnels"
 [2]: ./media/site-to-site-high-bandwidth-tunnel/er-gateway.png "ExpressRoute gateway"
 [3]: ./media/site-to-site-high-bandwidth-tunnel/expressroute-connection-fastpath.png "ExpressRoute Connection with FastPath enabled"
 [4]: ./media/site-to-site-high-bandwidth-tunnel/vpn-gw-hb.png "VPN Gateway High Bandwidth tunnels"
