Merge pull request #229059 from stegag/patch-43

prmerger-automator[bot] · web-flow · commit b9b398866c75 · 2023-03-01T10:01:02.000Z
Update ikev2-openvpn-from-sstp.md
diff --git a/articles/vpn-gateway/ikev2-openvpn-from-sstp.md b/articles/vpn-gateway/ikev2-openvpn-from-sstp.md
@@ -43,6 +43,10 @@ To add IKEv2 to an existing gateway, go to the "point-to-site configuration" tab
 
 :::image type="content" source="./media/ikev2-openvpn-from-sstp/add-tunnel-type.png" alt-text="Screenshot that shows the Point-to-site configuration page with the Tunnel type drop-down open, and IKEv2 and SSTP(SSL) selected." lightbox="./media/ikev2-openvpn-from-sstp/add-tunnel-type.png":::
 
+>[!NOTE]
+> When you have both SSTP and IKEv2 enabled on the Gateway, the point-to-site address pool will be statically split between the two, so clients using different protocols will be assigned IP addresses from either sub-range. Note that the maximum amount of SSTP clients is always 128 even if the address range is larger than /24 resulting in a bigger amount of addresses available for IKEv2 clients. For smaller ranges, the pool will be equally halved. Traffic Selectors used by the gateway may not include the Point to Site address range CIDR, but the two sub-range CIDRs.
+>
+
 ### Option 2 - Remove SSTP and enable OpenVPN on the Gateway
 
 Since SSTP and OpenVPN are both TLS-based protocol, they can't coexist on the same gateway. If you decide to move away from SSTP to OpenVPN, you'll have to disable SSTP and enable OpenVPN on the gateway. This operation will cause the existing clients to lose connectivity to the VPN gateway until the new profile has been configured on the client.
@@ -158,4 +162,4 @@ A P2S configuration requires quite a few specific steps. The following articles
 
 * [Configure a P2S connection - Azure certificate authentication](vpn-gateway-howto-point-to-site-rm-ps.md)
 
-**"OpenVPN" is a trademark of OpenVPN Inc.**
+**"OpenVPN" is a trademark of OpenVPN Inc.**
diff --git a/includes/vpn-gateway-faq-p2s-all-include.md b/includes/vpn-gateway-faq-p2s-all-include.md
@@ -98,6 +98,8 @@ The traffic selectors limit in Windows determines the maximum number of address
 
 When you configure both SSTP and IKEv2 in a mixed environment (consisting of Windows and Mac devices), the Windows VPN client will always try IKEv2 tunnel first, but will fall back to SSTP if the IKEv2 connection isn't successful. MacOSX will only connect via IKEv2.
 
+When you have both SSTP and IKEv2 enabled on the Gateway, the point-to-site address pool will be statically split between the two, so clients using different protocols will be assigned IP addresses from either sub-range. Note that the maximum amount of SSTP clients is always 128 even if the address range is larger than /24 resulting in a bigger amount of addresses available for IKEv2 clients. For smaller ranges, the pool will be equally halved. Traffic Selectors used by the gateway may not include the Point to Site address range CIDR, but the two sub-range CIDRs.
+
 ### Other than Windows and Mac, which other platforms does Azure support for P2S VPN?
 
 Azure supports Windows, Mac, and Linux for P2S VPN.
