Vnet1 is already connected by ExpressRoute, wich we presume that the subnet gateway was already created.
SKU need to be VpnGw1 because Basic does not coexist with ExpressRoute
For a site to site VPN, you need:
– a local gateway
– a gateway subnet
– a VPN gateway
– a connection to connect the local gateway and the VPN gateway
However, the question states that VNet1 connects to your on-premises network by using Azure ExpressRoute. For an ExpressRoute connection, VNET1 must already be configured with a gateway subnet so we don’t need another one.
Note: BasicSKU cannot coexist with ExpressRoute. You must use a non-Basic SKU gateway for both the ExpressRoute gateway and the VPN gateway.