Merge pull request #280901 from ShawnJackson/vpn-gateway-vpn-faq

[AQ] edit pass: vpn-gateway-vpn-faq

Author: ktoliver

articles/azure-government/azure-secure-isolation-guidance.md

@@ -57,13 +57,13 @@ When you deploy a Route Server to a virtual network, we need to update the contr
 
 ### Why does my on-premises network connected to Azure VPN gateway not receive the default route advertised by the Route Server?
 
-Although Azure VPN gateway can receive the default route from its BGP peers including the Route Server, it [doesn't advertise the default route](../vpn-gateway/vpn-gateway-vpn-faq.md#what-address-prefixes-will-azure-vpn-gateways-advertise-to-me) to other peers. 
+Although Azure VPN gateway can receive the default route from its BGP peers including the Route Server, it [doesn't advertise the default route](../vpn-gateway/vpn-gateway-vpn-faq.md#what-address-prefixes-do-azure-vpn-gateways-advertise-to-me) to other peers. 
 
 ### Why does my NVA not receive routes from the Route Server even though the BGP peering is up?
 
 The ASN that the Route Server uses is 65515. Make sure you configure a different ASN for your NVA so that an *eBGP* session can be established between your NVA and Route Server so route propagation can happen automatically. Make sure you enable "multi-hop" in your BGP configuration because your NVA and the Route Server are in different subnets in the virtual network.
 
-### The BGP peering between my NVA and Route Server is up. I can see routes exchanged correctly between them. Why aren’t the NVA routes in the effective routing table of my VM? 
+### The BGP peering between my NVA and Route Server is up. I can see routes exchanged correctly between them. Why aren't the NVA routes in the effective routing table of my VM? 
 
 * If your VM is in the same virtual network as your NVA and Route Server:
 

articles/route-server/troubleshoot-route-server.md

@@ -1,34 +1,35 @@
 ---
- title: include file
- description: include file
+ title: Include file
+ description: Include file
  services: vpn-gateway
  author: cherylmc
  ms.service: vpn-gateway
  ms.topic: include
  ms.date: 02/14/2019
  ms.author: cherylmc
- ms.custom: include file
+ ms.custom: Include file
 ---
-**To download VPN device configuration scripts:**
 
-Depending on the VPN device that you have, you may be able to download a VPN device configuration script. For more information, see [Download VPN device configuration scripts](../articles/vpn-gateway/vpn-gateway-download-vpndevicescript.md).
+Depending on the VPN device that you have, you might be able to download a VPN device configuration script. For more information, see [Download VPN device configuration scripts](../articles/vpn-gateway/vpn-gateway-download-vpndevicescript.md).
 
-**See the following links for additional configuration information:**
+The following links provide more configuration information:
 
-- For information about compatible VPN devices, see [VPN Devices](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md).
+- For information about compatible VPN devices, see [About VPN devices](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md).
 
-- Before configuring your VPN device, check for any [Known device compatibility issues](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#known) for the VPN device that you want to use.
+- Before you configure your VPN device, check for any [known device compatibility issues](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#known).
 
-- For links to device configuration settings, see [Validated VPN Devices](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#devicetable). The device configuration links are provided on a best-effort basis. It's always best to check with your device manufacturer for the latest configuration information. The list shows the versions we have tested. If your OS is not on that list, it is still possible that the version is compatible. Check with your device manufacturer to verify that OS version for your VPN device is compatible.
+- For links to device configuration settings, see [Validated VPN devices](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#devicetable). We provide the device configuration links on a best-effort basis, but it's always best to check with your device manufacturer for the latest configuration information.
 
-- For an overview of VPN device configuration, see [VPN device configuration overview](../articles/vpn-gateway/vpn-gateway-3rdparty-device-config-overview.md).
+  The list shows the versions that we tested. If the OS version for your VPN device isn't on the list, it still might be compatible. Check with your device manufacturer.
+
+- For basic information about VPN device configuration, see [Overview of partner VPN device configurations](../articles/vpn-gateway/vpn-gateway-3rdparty-device-config-overview.md).
 
 - For information about editing device configuration samples, see [Editing samples](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#editing).
 
 - For cryptographic requirements, see [About cryptographic requirements and Azure VPN gateways](../articles/vpn-gateway/vpn-gateway-about-compliance-crypto.md).
 
-- For information about IPsec/IKE parameters, see [About VPN devices and IPsec/IKE parameters for Site-to-Site VPN gateway connections](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#ipsec). This link shows information about IKE version, Diffie-Hellman Group, Authentication method, encryption and hashing algorithms, SA lifetime, PFS, and DPD, in addition to other parameter information that you need to complete your configuration.
+- For information about parameters that you need to complete your configuration, see [Default IPsec/IKE parameters](../articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#ipsec). The information includes IKE version, Diffie-Hellman (DH) group, authentication method, encryption and hashing algorithms, security association (SA) lifetime, perfect forward secrecy (PFS), and Dead Peer Detection (DPD).
 
-- For IPsec/IKE policy configuration steps, see [Configure IPsec/IKE policy for S2S VPN or VNet-to-VNet connections](../articles/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell.md).
+- For IPsec/IKE policy configuration steps, see [Configure custom IPsec/IKE connection policies for S2S VPN and VNet-to-VNet](../articles/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell.md).
 
-- To connect multiple policy-based VPN devices, see [Connect Azure VPN gateways to multiple on-premises policy-based VPN devices using PowerShell](../articles/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps.md).
+- To connect multiple policy-based VPN devices, see [Connect a VPN gateway to multiple on-premises policy-based VPN devices](../articles/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps.md).

articles/vpn-gateway/vpn-gateway-vpn-faq.md

@@ -1,23 +1,23 @@
 ---
- title: include file
- description: include file
+ title: Include file
+ description: Include file
  services: vpn-gateway
  author: cherylmc
  ms.service: vpn-gateway
  ms.topic: include
  ms.date: 10/18/2023
  ms.author: cherylmc
- ms.custom: include file
+ ms.custom: Include file
 ---
 If you're having trouble connecting to a virtual machine over your VPN connection, check the following items:
 
 * Verify that your VPN connection is successful.
 * Verify that you're connecting to the private IP address for the VM.
-* If you can connect to the VM using the private IP address, but not the computer name, verify that you have configured DNS properly. For more information about how name resolution works for VMs, see [Name Resolution for VMs](../articles/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md).
+* If you can connect to the VM by using the private IP address but not the computer name, verify that you configured DNS properly. For more information about how name resolution works for VMs, see [Name resolution for resources in Azure virtual networks](../articles/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md).
 
-When you connect over Point-to-Site, check the following additional items:
+When you connect over point-to-site, check the following additional items:
 
-* Use 'ipconfig' to check the IPv4 address assigned to the Ethernet adapter on the computer from which you're connecting. If the IP address is within the address range of the virtual network that you're connecting to, or within the address range of your VPNClientAddressPool, this is referred to as an overlapping address space. When your address space overlaps in this way, the network traffic doesn't reach Azure, it stays on the local network.
-* Verify that the VPN client configuration package was generated after the DNS server IP addresses were specified for the virtual network. If you updated the DNS server IP addresses, generate and install a new VPN client configuration package.
+* Use `ipconfig` to check the IPv4 address assigned to the Ethernet adapter on the computer from which you're connecting. If the IP address is within the address range of the virtual network that you're connecting to, or within the address range of your VPN client address pool, it's an overlapping address space. When your address space overlaps in this way, the network traffic doesn't reach Azure. It stays on the local network.
+* Verify that the VPN client configuration package was generated after you specified the DNS server IP addresses for the virtual network. If you updated the DNS server IP addresses, generate and install a new VPN client configuration package.
 
-For more information about troubleshooting an RDP connection, see [Troubleshoot Remote Desktop connections to a VM](/troubleshoot/azure/virtual-machines/troubleshoot-rdp-connection).
+For more information about troubleshooting an RDP connection, see [Troubleshoot Remote Desktop connections to a VM](/troubleshoot/azure/virtual-machines/troubleshoot-rdp-connection).

includes/vpn-gateway-configure-vpn-device-rm-include.md

@@ -9,57 +9,57 @@ ms.topic: include
 
 ---
 
-### Which services are included in the Maintenance Configuration scope of Network Gateways? 
+### Which services are included in maintenance configuration for the Network Gateways scope? 
 
-The Network Gateways scope includes gateway resources in Networking services. There are four types of resources in the Network Gateways scope:
+The Network Gateways scope includes gateway resources in networking services. There are four types of resources in the Network Gateways scope:
 
-* Virtual network gateway in the ExpressRoute service.
-* Virtual network gateway in the VPN Gateway service.
-* VPN gateway (Site-to-Site) in the Virtual WAN service.
-* ExpressRoute gateway in the Virtual WAN service.
+* Virtual network gateway in the ExpressRoute service
+* Virtual network gateway in the VPN Gateway service
+* VPN gateway (site-to-site) in the Azure Virtual WAN service
+* ExpressRoute gateway in the Virtual WAN service
 
-### Which maintenance is supported or not supported by customer-controlled maintenance?
+### Which maintenance does customer-controlled maintenance support?
 
-Azure services go through periodic maintenance updates to improve functionality, reliability, performance, and security. Once you configure a maintenance window for your resources, Guest OS and Service maintenance are performed during that window. Host updates, beyond the host updates (TOR, Power etc.) and critical security updates, aren't covered by the customer-controlled maintenance.  
+Azure services go through periodic maintenance updates to improve functionality, reliability, performance, and security. After you configure a maintenance window for your resources, guest OS maintenance and service maintenance are performed during that window. Customer-controlled maintenance doesn't cover host updates (beyond the host updates for Power, for example) and critical security updates.
 
 ### Can I get advanced notification of the maintenance?
 
-At this time, advanced notification can't be enabled for the maintenance of Network Gateway resources.
+At this time, you can't get advanced notification for the maintenance of Network Gateway REST API resources.
 
 ### Can I configure a maintenance window shorter than five hours?
 
-At this time, you need to configure a minimum of a five hour window in your preferred time zone.
+At this time, you need to configure a minimum of a five-hour window in your preferred time zone.
 
-### Can I configure a maintenance window other than Daily schedule?
+### Can I configure a maintenance window other than a daily schedule?
 
 At this time, you need to configure a daily maintenance window.
 
-### Are there cases where I can’t control certain updates?
+### Are there cases where I can't control certain updates?
 
-Customer-controlled maintenance supports Guest OS and Service updates. These updates account for most of the maintenance items that cause concern for the customers. Some other types of updates, including Host updates, are outside of the scope of customer-controlled maintenance.
+Customer-controlled maintenance supports guest OS and service updates. These updates account for most of the maintenance items that cause concern for customers. Some other types of updates, including host updates, are outside the scope of customer-controlled maintenance.
 
-Additionally, if there's a high-severity security issue that might endanger our customers, Azure might need to override customer control of the maintenance window and push the change. These are rare occurrences that would only be used in extreme cases.
+If a high-severity security issue might endanger customers, Azure might need to override customer control of the maintenance window and push a change. These changes are rare occurrences that we use only in extreme cases.
 
-### Do Maintenance Configuration resources need to be in the same region as the gateway resource?
+### Do maintenance configuration resources need to be in the same region as the gateway resource?
 
-Yes
+Yes.
 
-### Which gateway SKUs can be configured to use customer-controlled maintenance?
+### Which gateway SKUs can I configure to use customer-controlled maintenance?
 
-All gateway SKUs (except the Basic SKU for VPN Gateway) can be configured to use customer-controlled maintenance.
+All the Azure VPN Gateway SKUs (except the Basic SKU) can be configured to use customer-controlled maintenance.
 
-### How long does it take for maintenance configuration policy to become effective after it gets assigned to the gateway resource?
+### How long does it take for a maintenance configuration policy to become effective after it's assigned to the gateway resource?
 
 It might take up to 24 hours for Network Gateways to follow the maintenance schedule after the maintenance policy is associated with the gateway resource.  
 
-### Are there any limitations on using customer-controlled maintenance based on the Basic SKU Public IP address?
+### Are there any limitations on using customer-controlled maintenance based on the Basic SKU public IP address?
 
-Yes. Gateway resources that use a Basic SKU Public IP address will only be able to have service updates following the customer-controlled maintenance schedule. For these gateways, Guest OS maintenance does NOT follow the customer-controlled maintenance schedule due to infrastructure limitations.
+Yes. Customer-controlled maintenance doesn't work for resources that use Basic SKU public IP addresses, except in the case of service updates. For these gateways, guest OS maintenance does *not* follow the customer-controlled maintenance schedule because of infrastructure limitations.
 
 ### How should I plan maintenance windows when using VPN and ExpressRoute in a coexistence scenario?
 
-When working with VPN and ExpressRoute in a coexistence scenario or whenever you have resources acting as backups, we recommend setting up separate maintenance windows. This approach ensures that maintenance doesn't affect your backup resources at the same time.
+When you work with VPN and ExpressRoute in a coexistence scenario or whenever you have resources that act as backups, we recommend setting up separate maintenance windows. This approach ensures that maintenance doesn't affect your backup resources at the same time.
 
-### I've scheduled a maintenance window for a future date for one of my resources. Will maintenance activities be paused on this resource until then?
+### I scheduled a maintenance window for a future date for one of my resources. Are maintenance activities paused on this resource until then?
 
-No, maintenance activities won't be paused on your resource during the period before the scheduled maintenance window. For the days not covered in your maintenance schedule, maintenance continues as usual on the resource.
+No, maintenance activities aren't paused on your resource during the period before the scheduled maintenance window. For the days not covered in your maintenance schedule, maintenance continues as usual on the resource.