We are trying to add a second ExpressRoute connection to a vNet in an Azure subscription. We have already successfully completed the connection to our first ExpressRoute (we are using the Exchange Provider method) using a combination of the virtual network GUI and powershell cmdlet tools.
However... the GUI only supports adding one site-to-site VPN via ExpressRoute.
The method for adding a secondary site-to-site connection is to export the network configuration (via the Azure portal) and edit the resulting NetworkConfig.xml file - and then re-import this via the portal.
All good, in theory.
The NetworkConfig.xml file exported from the gui:
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="XXXX">
<Connection type="Dedicated" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
In conjunction with MS Support (with whom we are still engaged), we determined the following should work:
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="XXXX">
<Connection type="Dedicated" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="YYYY">
<Connection type="Dedicated" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
However, attempting to import this generates the following error message:
"The gateway in virtual network site XXX-XXX-XX referenced multiple local network sites and uses a connection type different than 'IPsec' for at least one of the connections. If a gateway references more than one local network site, the connection type to all local network sites must be 'IPsec'. 'IPsec' is the default connection type."
This appears to suggest multiple ExpressRoute connections on a single vNet are not supported, which would be contrary to the MS FAQ here:
Can I have one virtual network connected to more than one ExpressRoute circuit?
Yes. You can link a single virtual network with up to 4 ExpressRoute circuits. All ExpressRoute circuits must be in the same continent. They can be ordered through different service providers and in different locations.
(from <link to ms site snipped>)
Does anyone have any idea how we should proceed?
Thanks