Merge pull request #248624 from cherylmc/vpngw-transitcopy

Update screenshots

Author: JamesJBarnett

articles/vpn-gateway/media/vpn-gateway-peering-gateway-transit/modify-peering-settings.png

@@ -5,7 +5,7 @@ titleSuffix: Azure VPN Gateway
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 11/09/2022
+ms.date: 08/18/2023
 ms.author: cherylmc 
 ms.custom: devx-track-azurepowershell
 
@@ -16,28 +16,32 @@ This article helps you configure gateway transit for virtual network peering. [V
 
 :::image type="content" source="./media/vpn-gateway-peering-gateway-transit/gatewaytransit.png" alt-text="Diagram of Gateway transit." lightbox="./media/vpn-gateway-peering-gateway-transit/gatewaytransit.png":::
 
-In the diagram, gateway transit allows the peered virtual networks to use the Azure VPN gateway in Hub-RM. Connectivity available on the VPN gateway, including S2S, P2S, and VNet-to-VNet connections, applies to all three virtual networks. The transit option is available for peering between the same, or different deployment models. If you're configuring transit between different deployment models, the hub virtual network and virtual network gateway must be in the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md), not the classic deployment model.
+In the diagram, gateway transit allows the peered virtual networks to use the Azure VPN gateway in Hub-RM. Connectivity available on the VPN gateway, including S2S, P2S, and VNet-to-VNet connections, applies to all three virtual networks. 
+
+The transit option is available for peering between the same, or different deployment models. If you're configuring transit between different deployment models, the hub virtual network and virtual network gateway must be in the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md), not the legacy classic deployment model.
 >
 
-In hub-and-spoke network architecture, gateway transit allows spoke virtual networks to share the VPN gateway in the hub, instead of deploying VPN gateways in every spoke virtual network. Routes to the gateway-connected virtual networks or on-premises networks will propagate to the routing tables for the peered virtual networks using gateway transit. You can disable the automatic route propagation from the VPN gateway. Create a routing table with the "**Disable BGP route propagation**" option, and associate the routing table to the subnets to prevent the route distribution to those subnets. For more information, see [Virtual network routing table](../virtual-network/manage-route-table.md).
+In hub-and-spoke network architecture, gateway transit allows spoke virtual networks to share the VPN gateway in the hub, instead of deploying VPN gateways in every spoke virtual network. Routes to the gateway-connected virtual networks or on-premises networks propagate to the routing tables for the peered virtual networks using gateway transit. 
+
+You can disable the automatic route propagation from the VPN gateway. Create a routing table with the "**Disable BGP route propagation**" option, and associate the routing table to the subnets to prevent the route distribution to those subnets. For more information, see [Virtual network routing table](../virtual-network/manage-route-table.md).
 
-There are two scenarios in this article:
+There are two scenarios in this article. Select the scenario that applies to your environment. Most people use the **Same deployment model** scenario. If you aren't working with a classic deployment model VNet (legacy VNet) that already exists in your environment, you won't need to work with the **Different deployment models** scenario.
 
 * **Same deployment model**: Both virtual networks are created in the Resource Manager deployment model.
-* **Different deployment models**: The spoke virtual network is created in the classic deployment model, and the hub virtual network and gateway are in the Resource Manager deployment model.
+* **Different deployment models**: The spoke virtual network is created in the classic deployment model, and the hub virtual network and gateway are in the Resource Manager deployment model. This scenario is useful when you need to connect a legacy VNet that already exists in the classic deployment model.
 
 >[!NOTE]
 > If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.
 >
 
 ## Prerequisites
 
-Before you begin, verify that you have the following virtual networks and permissions:
+This article requires the following VNets and permissions. If you aren't working with the different deployment model scenario, you don't need to create the classic VNet.
 
 ### <a name="vnet"></a>Virtual networks
 
-| VNet          | Deployment model                                                      | Virtual network gateway                  |
-|---------------|-----------------------------------------------------------------------|------------------------------------------|
+| VNet | Configuration steps| Virtual network gateway|
+|---|---|---|
 | Hub-RM        | [Resource Manager](./tutorial-site-to-site-portal.md)                 | [Yes](tutorial-create-gateway-portal.md) |
 | Spoke-RM      | [Resource Manager](./tutorial-site-to-site-portal.md)                 | No                                       |
 | Spoke-Classic | [Classic](vpn-gateway-howto-site-to-site-classic-portal.md#CreatVNet) | No                                       |
@@ -57,28 +61,30 @@ Learn more about [built-in roles](../role-based-access-control/built-in-roles.md
 
 ## <a name="same"></a>Same deployment model
 
-In this scenario, the virtual networks are both in the Resource Manager deployment model. Use the following steps to create or update the virtual network peerings to enable gateway transit.
+This is the more common scenario. In this scenario, the virtual networks are both in the Resource Manager deployment model. Use the following steps to create or update the virtual network peerings to enable gateway transit.
 
 ### To add a peering and enable transit
 
-1. In the [Azure portal](https://portal.azure.com), create or update the virtual network peering from the Hub-RM. Navigate to the **Hub-RM** virtual network. Select **Peerings**, then **+ Add** to open **Add peering**.
+1. In the [Azure portal](https://portal.azure.com), create or update the virtual network peering from the Hub-RM. Go to the **Hub-RM** virtual network. Select **Peerings**, then **+ Add** to open **Add peering**.
 1. On the **Add peering** page, configure the values for **This virtual network**.
 
    * Peering link name: Name the link. Example: **HubRMToSpokeRM**
    * Traffic to remote virtual network: **Allow**
    * Traffic forwarded from remote virtual network: **Allow**
-   * Virtual network gateway: **Use this virtual network's gateway**
+   * Virtual network gateway: **Use this virtual network's gateway or Route Server**
 
      :::image type="content" source="./media/vpn-gateway-peering-gateway-transit/peering-vnet.png" alt-text="Screenshot shows add peering." lightbox="./media/vpn-gateway-peering-gateway-transit/peering-vnet.png":::
 
 1. On the same page, continue on to configure the values for the **Remote virtual network**.
 
    * Peering link name: Name the link. Example: **SpokeRMtoHubRM**
-   * Deployment model: **Resource Manager**
+   * Virtual network deployment model: **Resource Manager**
+   * I know my resource ID: Leave blank. You only need to select this if you don't have read access to the virtual network or subscription you want to peer with.
+   * Subscription: Select the subscription.
    * Virtual Network: **Spoke-RM**
    * Traffic to remote virtual network: **Allow**
    * Traffic forwarded from remote virtual network: **Allow**
-   * Virtual network gateway: **Use the remote virtual network's gateway**
+   * Virtual network gateway: **Use the remote virtual network's gateway or Route Server**
 
      :::image type="content" source="./media/vpn-gateway-peering-gateway-transit/peering-remote.png" alt-text="Screenshot shows values for remote virtual network." lightbox="./media/vpn-gateway-peering-gateway-transit/peering-remote.png":::
 
@@ -87,25 +93,21 @@ In this scenario, the virtual networks are both in the Resource Manager deployme
 
 ### To modify an existing peering for transit
 
-If the peering was already created, you can modify the peering for transit.
+If you have an already existing peering, you can modify the peering for transit.
 
-1. Navigate to the virtual network. Select **Peerings** and select the peering that you want to modify.
-
-   :::image type="content" source="./media/vpn-gateway-peering-gateway-transit/peering-modify.png" alt-text="Screenshot shows select peerings." lightbox="./media/vpn-gateway-peering-gateway-transit/peering-modify.png":::
+1. Go to the virtual network. Select **Peerings** and select the peering that you want to modify. For example, on the Spoke-RM VNet, select the SpokeRMtoHubRM peering.
 
 1. Update the VNet peering.
 
    * Traffic to remote virtual network: **Allow**
    * Traffic forwarded to virtual network; **Allow**
-   * Virtual network gateway: **Use remote virtual network's gateway**
-
-     :::image type="content" source="./media/vpn-gateway-peering-gateway-transit/modify-peering-settings.png" alt-text="Screenshot shows modify peering gateway." lightbox="./media/vpn-gateway-peering-gateway-transit/modify-peering-settings.png":::
+   * Virtual network gateway or Route Server: **Use the remote virtual network's gateway or Route Server**
 
 1. **Save** the peering settings.
 
 ### <a name="ps-same"></a>PowerShell sample
 
-You can also use PowerShell to create or update the peering with the example above. Replace the variables with the names of your virtual networks and resource groups.
+You can also use PowerShell to create or update the peering. Replace the variables with the names of your virtual networks and resource groups.
 
 ```azurepowershell-interactive
 $SpokeRG = "SpokeRG1"
@@ -135,26 +137,28 @@ In this configuration, the spoke VNet **Spoke-Classic** is in the classic deploy
 
 For this configuration, you only need to configure the **Hub-RM** virtual network. You don't need to configure anything on the **Spoke-Classic** VNet.
 
-1. In the Azure portal, navigate to the **Hub-RM** virtual network, select **Peerings**, then select **+ Add**.
+1. In the Azure portal, go to the **Hub-RM** virtual network, select **Peerings**, then select **+ Add**.
 1. On the **Add peering** page, configure the following values:
 
    * Peering link name: Name the link. Example: **HubRMToClassic**
    * Traffic to remote virtual network: **Allow**
    * Traffic forwarded from remote virtual network: **Allow**
-   * Virtual network gateway: **Use this virtual network's gateway**
-   * Remote virtual network: **Classic**
+   * Virtual network gateway or Route Server: **Use this virtual network's gateway or Route Server**
+   * Peering link name: This value disappears when you select Classic for the virtual network deployment model.
+   * Virtual network deployment model: **Classic**
+   * I know my resource ID: Leave blank. You only need to select this if you don't have read access to the virtual network or subscription you want to peer with.
 
      :::image type="content" source="./media/vpn-gateway-peering-gateway-transit/peering-classic.png" alt-text="Add peering page for Spoke-Classic" lightbox="./media/vpn-gateway-peering-gateway-transit/peering-classic.png":::
 
 1. Verify the subscription is correct, then select the virtual network from the dropdown.
 1. Select **Add** to add the peering.
-1. Verify the peering status as **Connected** on the Hub-RM virtual network. 
+1. Verify the peering status as **Connected** on the Hub-RM virtual network.
 
 For this configuration, you don't need to configure anything on the **Spoke-Classic** virtual network. Once the status shows **Connected**, the spoke virtual network can use the connectivity through the VPN gateway in the hub virtual network.
 
 ### <a name="ps-different"></a>PowerShell sample
 
-You can also use PowerShell to create or update the peering with the example above. Replace the variables and subscription ID with the values of your virtual network and resource groups, and subscription. You only need to create virtual network peering on the hub virtual network.
+You can also use PowerShell to create or update the peering. Replace the variables and subscription ID with the values of your virtual network and resource groups, and subscription. You only need to create virtual network peering on the hub virtual network.
 
 ```azurepowershell-interactive
 $HubRG   = "HubRG1"