Merge pull request #263413 from cherylmc/subnet-fix

GatewaySubnet

Author: v-regandowner

articles/vpn-gateway/tutorial-create-gateway-portal.md

@@ -6,7 +6,7 @@ author: cherylmc
 ms.author: cherylmc
 ms.service: vpn-gateway
 ms.topic: tutorial
-ms.date: 11/20/2023
+ms.date: 01/17/2024
 
 ---
 
@@ -49,6 +49,12 @@ Create a VNet using the following values:
 
 After you create your VNet, you can optionally configure Azure DDos Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md)
 
+## Create a gateway subnet
+
+The virtual network gateway requires a specific subnet named **GatewaySubnet**. The gateway subnet is part of IP address range for your virtual network and contains the IP addresses that the virtual network gateway resources and services use. Specify a gateway subnet that is /27 or larger.
+
+[!INCLUDE [Create gateway subnet](../../includes/vpn-gateway-create-gateway-subnet-portal-include.md)]
+
 ## <a name="VNetGateway"></a>Create a VPN gateway
 
 In this step, you create the virtual network gateway (VPN gateway) for your VNet. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.

articles/vpn-gateway/tutorial-site-to-site-portal.md

@@ -6,7 +6,7 @@ author: cherylmc
 ms.author: cherylmc
 ms.service: vpn-gateway
 ms.topic: tutorial
-ms.date: 11/21/2023
+ms.date: 01/17/2024
 
 ---
 
@@ -50,13 +50,15 @@ In this section, you'll create a virtual network (VNet) using the following valu
 
 After you create your VNet, you can optionally configure Azure DDos Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md)
 
-## <a name="VNetGateway"></a>Create a VPN gateway
+## Create a gateway subnet
 
-In this step, you create the virtual network gateway for your VNet. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.
+[!INCLUDE [About gateway subnets](../../includes/vpn-gateway-about-gwsubnet-portal-include.md)]
 
-### About the gateway subnet
+[!INCLUDE [Create gateway subnet](../../includes/vpn-gateway-create-gateway-subnet-portal-include.md)]
 
-[!INCLUDE [About gateway subnets](../../includes/vpn-gateway-about-gwsubnet-portal-include.md)]
+## <a name="VNetGateway"></a>Create a VPN gateway
+
+In this step, you create the virtual network gateway for your VNet. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.
 
 ### Create the gateway
 

includes/vpn-gateway-about-gwsubnet-portal-include.md

@@ -5,13 +5,13 @@
  author: cherylmc
  ms.service: vpn-gateway
  ms.topic: include
- ms.date: 07/17/2023
+ ms.date: 01/16/2024
  ms.author: cherylmc
  ms.custom: include file
 ---
 
-The virtual network gateway uses specific subnet called the gateway subnet. The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use.
+The virtual network gateway requires a specific subnet named **GatewaySubnet**. The gateway subnet is part of IP address range for your virtual network and contains the IP addresses that the virtual network gateway resources and services use.
 
 When you create the gateway subnet, you specify the number of IP addresses that the subnet contains. The number of IP addresses needed depends on the VPN gateway configuration that you want to create. Some configurations require more IP addresses than others. It's best to specify /27 or larger (/26,/25 etc.) for your gateway subnet.
 
-If you see an error that specifies that the address space overlaps with a subnet, or that the subnet isn't contained within the address space for your virtual network, check your VNet address range. You may not have enough IP addresses available in the address range you created for your virtual network. For example, if your default subnet encompasses the entire address range, there are no IP addresses left to create additional subnets. You can either adjust your subnets within the existing address space to free up IP addresses, or specify an additional address range and create the gateway subnet there.
+If you see an error that specifies that the address space overlaps with a subnet, or that the subnet isn't contained within the address space for your virtual network, check your VNet address range. You might not have enough IP addresses available in the address range you created for your virtual network. For example, if your default subnet encompasses the entire address range, there are no IP addresses left to create additional subnets. You can either adjust your subnets within the existing address space to free up IP addresses, or specify an additional address range and create the gateway subnet there.

includes/vpn-gateway-add-gw-portal-include.md

@@ -2,7 +2,7 @@
  author: cherylmc
  ms.service: vpn-gateway
  ms.topic: include
- ms.date: 10/05/2023
+ ms.date: 01/17/2024
  ms.author: cherylmc
 ---
 
@@ -19,7 +19,11 @@
    * **Name**: Name your gateway. Naming your gateway not the same as naming a gateway subnet. It's the name of the gateway object you're creating.
    * **Region**: Select the region in which you want to create this resource. The region for the gateway must be the same as the virtual network.
    * **Gateway type**: Select **VPN**. VPN gateways use the virtual network gateway type **VPN**.
-   * **SKU**: Select the gateway SKU that supports the features you want to use from the dropdown. See [Gateway SKUs](../articles/vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md#gwsku). In the portal, the SKUs available in the dropdown depend on the `VPN type` you select. [!INCLUDE [Basic SKU](vpn-gateway-basic-sku.md)]
+   * **SKU**: From the dropdown, select the gateway SKU that supports the features you want to use. See [Gateway SKUs](../articles/vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md#gwsku). In the portal, the SKUs available in the dropdown depend on the `VPN type` you select. [!INCLUDE [Basic SKU](vpn-gateway-basic-sku.md)]
    * **Generation**: Select the generation you want to use. We recommend using a Generation2 SKU. For more information, see [Gateway SKUs](../articles/vpn-gateway/vpn-gateway-about-vpngateways.md#gwsku).
-   * **Virtual network**: From the dropdown, select the virtual network to which you want to add this gateway. If you can't see the VNet for which you want to create a gateway, make sure you selected the correct subscription and region in the previous settings.
-   * **Gateway subnet address range**: This field only appears if your VNet doesn't have a gateway subnet. It's best to specify /27 or larger (/26,/25 etc.). This allows enough IP addresses for future changes, such as adding an ExpressRoute gateway. If you already have a gateway subnet, you can view GatewaySubnet details by navigating to your virtual network. Select **Subnets** to view the range. If you want to change the range, you can delete and recreate the GatewaySubnet.
+   * **Virtual network**: From the dropdown, select the virtual network to which you want to add this gateway. If you can't see the virtual network for which you want to create a gateway, make sure you selected the correct subscription and region in the previous settings.
+   * **Gateway subnet address range** or **Subnet**: The gateway subnet is required to create a VPN gateway.
+
+     At this time, this field has a couple of different behaviors, depending on the virtual network address space and whether you already created a subnet named **GatewaySubnet** for your virtual network.
+
+     If you don't have a gateway subnet AND you don't see the option to create one on this page, go back to your virtual network and create the gateway subnet. Then, return to this page and configure the VPN gateway.

includes/vpn-gateway-create-gateway-subnet-portal-include.md

@@ -0,0 +1,12 @@
+---
+ author: cherylmc
+ ms.service: vpn-gateway
+ ms.topic: include
+ ms.date: 01/17/2024
+ ms.author: cherylmc
+---
+
+1. On the page for your virtual network, in the left pane, select **Subnets** to open the Subnets page.
+1. At the top of the page, click **+ Gateway subnet** to open the **Add subnet** pane.
+1. The name is automatically entered as **GatewaySubnet**. Adjust the IP address range value, if necessary. For example, **10.1.255.0/27**.
+1. Don't adjust the other values on the page. Click **Save** at the bottom of the page to save the subnet.