Exam AZ-700 topic 9 question 1 discussion

1. Delete VPN GW1. 2. Set the subnet mask of Gateway Subnet to /27. 3. Create a VPN gateway by using the VPN GW1 SKU. https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-coexisting-gateway-portal "To configure coexisting connections for an already existing VNet: 1- Delete the existing ExpressRoute or Site-to-site VPN gateway. 2 - Delete and recreate the GatewaySubnet to have prefix of /27 or shorter. 3- Configure a VNet with a Site-to-Site connection and then Configure the ExpressRoute gateway. 4 - Once the ExpressRoute gateway is deployed, you can link the virtual network to the ExpressRoute circuit."

1. Delete GW1 2. Create VPN GW with GW1 SKU 3. Edit subnet mask to /27 ExpressRoute-VPN Gateway coexist configurations are not supported on the Basic SKU. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways although i feel that 2-3 are interchangable.

About the Gateway Subnet: "When you're planning your gateway subnet size, refer to the documentation for the configuration that you're planning to create. For example, the ExpressRoute/VPN Gateway coexist configuration requires a larger gateway subnet than most other configurations. Further more, you may want to make sure your gateway subnet contains enough IP addresses to accommodate possible future configurations. While you can create a gateway subnet as small as /29, we recommend that you create a gateway subnet of /27 or larger (/27, /26 etc.). If you plan on connecting 16 ExpressRoute circuits to your gateway, you must create a gateway subnet of /26 or larger. If you're creating a dual stack gateway subnet, we recommend that you also use an IPv6 range of /64 or larger. This set up will accommodate most configurations." https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsub

Sorry. VPN GW basic sku should not work as we have Azure AD authentication

VPN GW Basic sku is enough as we have only 10 devices.

In exam Feb 2023

Also as they need to auth on the VPN PS2 with Azure AD. It needs to be OpenVPN OpenVPN is not supported on basic SKU https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku

Once you realize you need to resize the subnet, the first two should be obvious. 1) delete gw 2) set subnet mask 3) I personally went with the "what's there is probably fine" assumption, but as others have pointed out, Basic would not work. Sometimes you get lucky.

Following this documentation Basic Gateway is not enough for P2S Connection, but there is no other option to choose. Any comments/ideas? Should we create based on the VPN GW 1 SKU instead?

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. You need to have a standard SKU VPN gate for express route p2s and s2s.