edit pass: vpn-gateway-vpn-faq

Author: ShawnJackson

articles/vpn-gateway/vpn-gateway-vpn-faq.md

@@ -1,6 +1,6 @@
 ---
 title: Azure VPN Gateway FAQ
-description: Learn about frequently asked questions for VPN Gateway cross-premises connections, hybrid configuration connections, and virtual network gateways. This FAQ contains comprehensive information about point-to-site, site-to-site, and VNet-to-VNet configuration settings.
+description: Get answers to frequently asked questions about VPN Gateway connections and configuration settings.
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: conceptual
@@ -10,21 +10,21 @@ ms.author: cherylmc
 
 # VPN Gateway FAQ
 
-This article answers frequently asked questions about Azure VPN Gateway connections and configuration settings.
+This article answers frequently asked questions about Azure VPN Gateway cross-premises connections, hybrid configuration connections, and virtual network (VNet) gateways. It contains comprehensive information about point-to-site (P2S), site-to-site (S2S), and VNet-to-VNet configuration settings.
 
 ## <a name="connecting"></a>Connecting to virtual networks
 
 ### Can I connect virtual networks in different Azure regions?
 
-Yes. There's no region constraint. One virtual network (VNet) can connect to another virtual network in the same region or in a different Azure region.
+Yes. There's no region constraint. One virtual network can connect to another virtual network in the same region or in a different Azure region.
 
 ### Can I connect virtual networks in different subscriptions?
 
 Yes.
 
 ### Can I specify private DNS servers in my VNet when configuring a VPN gateway?
 
-If you specified a DNS server or servers when you created your virtual network, the VPN gateway uses the DNS servers that you specified. If you specify a DNS server, verify that your DNS server can resolve the domain names needed for Azure.
+If you specify a Domain Name System (DNS) server or servers when you create your virtual network, the VPN gateway uses those DNS servers. Verify that your specified DNS servers can resolve the domain names needed for Azure.
 
 ### Can I connect to multiple sites from a single virtual network?
 
@@ -36,10 +36,10 @@ No. However, costs for any additional public IPs are charged accordingly. See [I
 
 ### What are my cross-premises connection options?
 
-The following cross-premises virtual network gateway connections are supported:
+Azure VPN Gateway supports the following cross-premises VNet gateway connections:
 
-* **Site-to-site (S2S)**: VPN connection over IPsec (IKEv1 and IKEv2). This type of connection requires a VPN device or Windows Server Routing and Remote Access. For more information, see [Create a site-to-site VPN connection in the Azure portal](./tutorial-site-to-site-portal.md).
-* **Point-to-site (P2S)**: VPN connection over Secure Socket Tunneling Protocol (SSTP) or IKEv2. This connection doesn't require a VPN device. For more information, see [Configure server settings for point-to-site VPN Gateway certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md).
+* **Site-to-site**: VPN connection over IPsec (IKEv1 and IKEv2). This type of connection requires a VPN device or Windows Server Routing and Remote Access. For more information, see [Create a site-to-site VPN connection in the Azure portal](./tutorial-site-to-site-portal.md).
+* **Point-to-site**: VPN connection over Secure Socket Tunneling Protocol (SSTP) or IKEv2. This connection doesn't require a VPN device. For more information, see [Configure server settings for point-to-site VPN Gateway certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md).
 * **VNet-to-VNet**: This type of connection is the same as a site-to-site configuration. VNet-to-VNet is a VPN connection over IPsec (IKEv1 and IKEv2). It doesn't require a VPN device. For more information, see the [Configure a VNet-to-VNet VPN gateway connection](vpn-gateway-howto-vnet-vnet-resource-manager-portal.md).
 * **Azure ExpressRoute**: ExpressRoute is a private connection to Azure from your wide area network, not a VPN connection over the public internet. For more information, see the [ExpressRoute technical overview](../expressroute/expressroute-introduction.md) and the [ExpressRoute FAQ](../expressroute/expressroute-faqs.md).
 
@@ -214,7 +214,7 @@ The Standard and High Performance SKUs will be deprecated on September 30, 2025.
 
 We've validated a set of standard site-to-site VPN devices in partnership with device vendors. You can find a list of known compatible VPN devices, their corresponding configuration instructions or samples, and device specifications in the [About VPN devices](vpn-gateway-about-vpn-devices.md) article.
 
-All devices in the device families listed as known compatible should work with Azure Virtual Network. To help configure your VPN device, refer to the device configuration sample or link that corresponds to the appropriate device family.
+All devices in the device families listed as known compatible should work with virtual networks. To help configure your VPN device, refer to the device configuration sample or link that corresponds to the appropriate device family.
 
 ### Where can I find VPN device configuration settings?
 

includes/vpn-gateway-faq-bgp-include.md

@@ -114,17 +114,17 @@ For example, if you have two redundant tunnels between your Azure VPN gateway an
 
 Yes, but at least one of the virtual network gateways must be in an active-active configuration.
 
-### Can I use BGP for site-to-site VPN in an Azure ExpressRoute and site-to-site VPN coexistence configuration?
+### Can I use BGP for an S2S VPN in an Azure ExpressRoute and S2S VPN coexistence configuration?
 
 Yes.
 
 ### What should I add to my on-premises VPN device for the BGP peering session?
 
-Add a host route of the Azure BGP peer IP address on your VPN device. This route points to the IPsec site-to-site VPN tunnel.
+Add a host route of the Azure BGP peer IP address on your VPN device. This route points to the IPsec S2S VPN tunnel.
 
 For example, if the Azure VPN peer IP is 10.12.255.30, you add a host route for 10.12.255.30 with a next-hop interface of the matching IPsec tunnel interface on your VPN device.
 
-### Does the virtual network gateway support BFD for site-to-site connections with BGP?
+### Does the virtual network gateway support BFD for S2S connections with BGP?
 
 No. Bidirectional Forwarding Detection (BFD) is a protocol that you can use with BGP to detect neighbor downtime more quickly than you can by using standard BGP *keepalive* intervals. BFD uses subsecond timers designed to work in LAN environments, but not across the public internet or WAN connections.
 

includes/vpn-gateway-faq-ipsecikepolicy-include.md

@@ -70,7 +70,7 @@ The default DPD timeout is 45 seconds on VPN gateways. You can specify a differe
 
 ### Does a custom IPsec or IKE policy work on ExpressRoute connections?
 
-No. An IPsec or IKE policy works only on site-to-site VPN and VNet-to-VNet connections via the VPN gateways.
+No. An IPsec or IKE policy works only on S2S VPN and VNet-to-VNet connections via the VPN gateways.
 
 ### How do I create connections with the IKEv1 or IKEv2 protocol type?
 

includes/vpn-gateway-faq-nat-include.md

@@ -9,7 +9,7 @@
 
 NAT is supported on VpnGw2 to VpnGw25 and on VpnGw2AZ to VpnGw5AZ.
 
-### Can I use NAT on VNet-to-VNet or point-to-site connections?
+### Can I use NAT on VNet-to-VNet or P2S connections?
 
 No.
 

includes/vpn-gateway-faq-p2s-all-include.md

@@ -74,7 +74,7 @@ After you change the authentication type, current clients might not be able to c
 
 ### When do I need to generate a new configuration package for the VPN client profile?
 
-When you make changes to the configuration settings for the point-to-site VPN gateway, such as adding a tunnel type or changing an authentication type, you need to generate a new configuration package for the VPN client profile. The new package includes the updated settings that VPN clients need for connecting to the point-to-site gateway. After you generate the package, use the settings in the files to update the VPN clients.
+When you make changes to the configuration settings for the P2S VPN gateway, such as adding a tunnel type or changing an authentication type, you need to generate a new configuration package for the VPN client profile. The new package includes the updated settings that VPN clients need for connecting to the P2S gateway. After you generate the package, use the settings in the files to update the VPN clients.
 
 ### Does Azure support IKEv2 VPN with Windows?
 
@@ -106,23 +106,23 @@ The traffic selector limit in Windows determines the maximum number of address s
 
 The traffic selector limit for OpenVPN is 1,000 routes.
 
-### What happens when I configure both SSTP and IKEv2 for point-to-site VPN connections?
+### What happens when I configure both SSTP and IKEv2 for P2S VPN connections?
 
 When you configure both SSTP and IKEv2 in a mixed environment that consists of Windows and Mac devices, the Windows VPN client always tries the IKEv2 tunnel first. The client falls back to SSTP if the IKEv2 connection isn't successful. MacOS connects only via IKEv2.
 
 When you have both SSTP and IKEv2 enabled on the gateway, the point-to-site address pool is statically split between the two, so clients that use different protocols are IP addresses from either subrange. The maximum number of SSTP clients is always 128, even if the address range is larger than /24. The result is a larger number of addresses available for IKEv2 clients. For smaller ranges, the pool is equally halved. Traffic selectors that the gateway uses might not include the point-to-site address range CIDR but include the two subrange CIDRs.
 
-### Which platforms does Azure support for point-to-site VPN?
+### Which platforms does Azure support for P2S VPN?
 
-Azure supports Windows, Mac, and Linux for point-to-site VPN.
+Azure supports Windows, Mac, and Linux for P2S VPN.
 
 ### I already have a VPN gateway deployed. Can I enable RADIUS or IKEv2 VPN on it?
 
 Yes. If the gateway SKU that you're using supports RADIUS or IKEv2, you can enable these features on gateways that you already deployed by using Azure PowerShell or the Azure portal. The Basic SKU doesn't support RADIUS or IKEv2.
 
-### <a name="removeconfig"></a>How do I remove the configuration of a point-to-site connection?
+### <a name="removeconfig"></a>How do I remove the configuration of a P2S connection?
 
-You can remove a point-to-site configuration by using the following Azure PowerShell or Azure CLI commands.
+You can remove a P2S configuration by using the following Azure PowerShell or Azure CLI commands.
 
 #### Azure PowerShell