We have a site-to-site VPN created, and would like to make a new site-to-site VPN that would only be used as a backup.
I'm going to try to explain in more detail.
Our VPN connects Azure with our on-prem DC. We have another DC on another provider that's connected with an MPLS network. We would like to have a backup connection, so that if our main DC fails we can route the traffic to exit using another point of our MPLS, and that would connect to Azure (the routing part on our network is not a problem). But I'm not understanding how I can have a new gateway using all the same private networks on Azure, so that once our main DC fails we would log into Azure and simply select the new gateway. Is this possible?
Hope someone can point me in the best direction to do this.
(the routing part on our network is not a problem) but, I'm not understanding how I can have a new gateway using all the same private networks on Azure…
I’m not sure I understand. Is the issue that you want two different VPN tunnels connecting to different endpoints that have the same network on the other side? Or is the issue that you want a backup domain controller hosted in Azure?
This feels like an XY problem, so I want to ask, what’s the problem you’re trying to solve? Or to ask another way, what kind of outage is this “backup” supposed to guard against?
So as you can see, our Azure uses one VPN to our main DC. It has happened (that our main DC failed), and at that time Azure stopped communicating with our internal infrastructure. What I would like is to have the VPN on the ONI site (that doesn't exist yet) to be used as a backup, so if our main DC fails, we would go to Azure and change the VPN from Azure - Main Site to Azure - ONI Site.
It’s really difficult to follow along in your scenario. Can you provide a diagram? The term DC is overloaded. Are you referring to datacenter or domain controller? It’s unclear for me if you want to use Azure as transit between two on-prem datacenters or have Azure take over for your on-prem datacenter, or something else.
Azure doesn’t magically solve anything with networking. If you are failing over apps you would have to provide routing, update DNS, etc.
I see. So you are using VPN gateway today in Azure and running BGP over that? If you are running BGP, you could just set up another S2S VPN and provide a longer AS path from the ONI site.
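The two-connection BGP setup this reply suggests, written out as an added example with Az PowerShell (not code from the thread). Resource group, region, gateway name, the ONI endpoint IP, ASN and peering address are placeholders; it assumes the existing Azure VPN gateway already has BGP enabled, so failover happens by BGP route selection rather than by logging in and switching gateways.

```powershell
# Added example, not from the thread: a second S2S connection from the same
# Azure VPN gateway to the ONI site, with BGP so both sites can advertise the
# same on-prem prefixes. Names, IPs and ASNs below are placeholders.
$rg       = 'rg-hub'            # assumed resource group
$location = 'westeurope'        # assumed region
$gwName   = 'vpngw-hub'         # existing Azure VPN gateway (BGP must be enabled)
$oniIp    = '203.0.113.10'      # ONI site public VPN endpoint (placeholder)
$oniAsn   = 65510               # ONI site BGP ASN (placeholder, private range)
$oniPeer  = '10.200.255.254'    # ONI router BGP peering address (placeholder)

# 1. Confirm the existing gateway already speaks BGP; a BGP-enabled
#    connection on a gateway without an ASN will not come up.
$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg
if (-not $gw.BgpSettings.Asn) { throw "Gateway $gwName has no BGP ASN; enable BGP first." }

# 2. Local network gateway for the ONI site. No -AddressPrefix is given:
#    the on-prem prefixes are learned over BGP, so they may be the same
#    networks the main site already advertises.
$oniLng = New-AzLocalNetworkGateway -Name 'lng-oni' -ResourceGroupName $rg `
    -Location $location -GatewayIpAddress $oniIp -Asn $oniAsn -BgpPeeringAddress $oniPeer

# 3. Second connection with BGP enabled. The pre-shared key is prompted for
#    here rather than stored as a literal in the script.
$psk = Read-Host 'Pre-shared key for the ONI tunnel'
New-AzVirtualNetworkGatewayConnection -Name 'cn-azure-oni' -ResourceGroupName $rg `
    -Location $location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $oniLng `
    -ConnectionType IPsec -SharedKey $psk -EnableBgp $true

# 4. The ONI router prepends its own AS path (vendor-specific, not shown), so
#    Azure prefers the main site while both tunnels are up. Verify both peers
#    are Connected and that the learned routes show the shorter path via the
#    main site as the one in use.
Get-AzVirtualNetworkGatewayBGPPeerStatus -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg |
    Format-Table Neighbor, Asn, State, RoutesReceived
Get-AzVirtualNetworkGatewayLearnedRoute -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg |
    Where-Object { $_.Origin -eq 'EBgp' } |
    Sort-Object Network | Format-Table Network, NextHop, AsPath, Weight
```

After a main-site outage the same learned-route query should show the ONI peer as the only next hop for those prefixes, with no change made on the Azure side.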