You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using
Azure ExpressRoute.
You plan to prepare the environment for automatic failover in case of ExpressRoute failure.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Create a connection
- B. Create a local site VPN gateway
- C. Create a VPN gateway that uses the VpnGw1 SKU
- D. Create a gateway subnet
- E. Create a VPN gateway that uses the Basic SKU
Correct Answer: ABC
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Vnet1 is already connected by ExpressRoute, wich we presume that the subnet gateway was already created.
SKU need to be VpnGw1 because Basic does not coexist with ExpressRoute
For a site to site VPN, you need:
– a local gateway
– a gateway subnet
– a VPN gateway
– a connection to connect the local gateway and the VPN gateway
However, the question states that VNet1 connects to your on-premises network by using Azure ExpressRoute. For an ExpressRoute connection, VNET1 must already be configured with a gateway subnet so we don’t need another one.
Note: BasicSKU cannot coexist with ExpressRoute. You must use a non-Basic SKU gateway for both the ExpressRoute gateway and the VPN gateway.