AZ-300 Exam - Question 75

Question

HOTSPOT -You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet. You need to create a site-to-site VPN. The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes. What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:.

Examice · Accepted Answer

Box 1: 4 -Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below. Box 2: 2 -Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. Box 3: 2 -Dual-redundancy: active-active VPN gateways for both Azure and on-premises networksReferences:https://docs. microsoft. com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable.

Mathew · Answer

Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case.
So I think  active-standby  will be good enough 
one Public IP , one VPN gateway and two local gateways.

Ekramy_Elnaggar · Answer

the question said "In Azure" , so:
2 Public IPs  , 1 VPN Gateway in active/active config , 2 Local Network Gateways

I already implemented this before.

shayer0 · Answer

It should be 1 Virtual network gateway (in active/stand-by mode as they can tolerate 2 minutes interruption), so one Azure IP as well. 
And 2 Local network Gateways. The IPs for these 2 local network gateways are not Azure IP, they are VPN device IPs. so answers is:
1-1-2

Happiman · Answer

1 Public IP address
1 Active/Standby VPN Gateway
2 Local Network Gateways

Tino · Answer

guys, i think that 1 public IP for the active/standby setup will be enough for the requirements:
"For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case."

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices

With active/active: no downtime, 2 IPs, 1 gateway and 2 local gateways
with active standby:a max of 1 min and a half in downtime (lesser than requirements), 1 IP, 1 gateway and 2 local gateways

maheshyadav · Answer

You need only 1 Gateway (Azure VPN gateway in an active-active configuration, and create two local network gateways and two connections for your two on-premises VPN devices as described above. The result is a full mesh connectivity of 4 IPsec tunnels between your Azure virtual network and your on-premises network) This will provide full active-active connection

Adrian1405 · Answer

I would say that the correct answer is 3 Public IP address.
The best fits Multiple on-premises VPN devices scenario 
https://docs.microsoft.com/pt-br/azure/vpn-gateway/vpn-gateway-highlyavailable

Benkyoujin · Answer

2, 2, 2 - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell

jayrush · Answer

This same question was in AZ103 and answer is 2,2,2

macco455 · Answer

It seems half the people on this thread missed the part where it says AZURE side, so we do not need to take into account the 2 Public IPs needed for the on premesis VPN devices. Just need to account for them when setting up the Local Network Gateway. WIth this said, the Correct answer is:

1 (Azure) IP address
1 Virtual network gateway (uses the IP)
2 Local network gateways (one for each remote VPN device)

princeali · Answer

3-1-2 is correct answer for this.

3: 2 ( 2 local gws need 1 Pubip each so, total 2) + 1 ( pubip for active instance only)
1: just need 1 azure VPN gateway with active - passive HA (fail over takes max 1 min 30 sec)
2: Local device needs its own local gw. so total 2 Local GW needed

gboyega · Answer

2
1
2

you only need 2 Public IP addresses from Azure

When configuring the VPN gateway, we set it to Active Active instead of Active Passive

We then create 2 LNG for the 2 VPN devices on-prem

wlfjck · Answer

You only need 1 public IP address in azure, refer to below
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case.

So the correct answer should be
1. 1 IP
2. 2 Gateway instances

Prash85 · Answer

Going over question:  condition 1: minimum number  (not maximum)   Condition 2:  required in Azure.    So answer is 1 1 2

poohtt · Answer

1) 3
2) 1
3) 2
Explanation:
1) 1 IP for virtual network gateway which works in active-standby mode. "The Azure VPN gateway will allocate a single IP address from the GatewaySubnet range for active-standby VPN gateways"
2 IP for local network gateway (BgpPeerIpAddress)
2) As I wrote active-standby mode requires only 1 gateway.
3) 2 local network gateways, because we have 2 on-prem vpn devices
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#what-address-does-azure-vpn-gateway-use-for-bgp-peer-ip

MMohammad · Answer

The correct answer is:
1 Public IP address
1 Virtual network gateway
2 Local network gateways

Description:
1 Public IP address - Each VPN gateway has two instances, one in active and one in standby. If one instance goes down, we would still have the other one available. Hence, we just need one Virtual Network gateway resource. And for this we just need to one Public IP address resource.
1 Virtual network gateway - Each VPN gateway has two instances, one in active and one in standby. If one instance goes down, we would still have the other one available. Hence, we just need one Virtual Network gateway resource.
2 Local network gateways - Here we would need to have two VPN devices registered on the client side. This would ensure that if one of the client VPN devices were to fail, you would still have another one available. For this we need to register two Local network gateways.

Rajyahoo · Answer

"What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure?"
The question is about resources in Azure, not both azure and on-prem.

It should be :
1 PIP
1 Virtual GW
1 Local GW

If active-active is not selected when Virtual GW is created , it automatically creates in Active-standby. One pip will do here. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case. (well with-in SLA stated)
Ref: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

Subhijith · Answer

1,1,2
Each VPN gateway has two instances, one in active and one in standby. If one instance goes down, we would still have the other one available. Hence, we just need one Virtual Network gateway resource. And for this we just need to one Public IP address resource.

Jinder · Answer

To save time for others, Copy pasting from above and its absolutely correct answer:

3-1-2 is correct answer for this.

3: 2 ( 2 local gws need 1 Pubip each so, total 2) + 1 ( pubip for active instance only)
1: just need 1 azure VPN gateway with active - passive HA (fail over takes max 1 min 30 sec)
2: Local device needs its own local gw. so total 2 Local GW needed

So the answer is 3 IPs, 1 VPN gateway, 2 Local Gateways

dumpmaster · Answer

Is 4:
https://docs.microsoft.com/pt-br/azure/vpn-gateway/vpn-gateway-highlyavailable

silverdeath · Answer

from doc we have : For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case ( so here we are in the active/passive mode we need only one public IP) + The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property ( here we need 2 public IPs) so the total is 3 IPs, one Virtual gateway + 2 local network gateways

Gorha · Answer

3 IP addresses: One for the two virtual gateways that are deployed in active-passive, when one fails the other takes over using the same IP address. Two IP addresses for the local gateways.
2 virtual gateways, active-passive
2 local gateways representing on premises

milind8451 · Answer

You need 4 Public IPs on Azure, as 2 needed for VPN Gateway and 2 for Local gateway (These 2 IP are actually of on-prem VPN devices). 2 VPN Gateway and 2 Local gateways are required for high availability on Azure. If they didn't mention high availability of VPN Gateway then only 1 can do the job in practical way.

joilec435 · Answer

4 2 2 for active active you can do 2 ips per gateway

bharatgudu · Answer

the correct answer is 1 1 2.. Please give some thought into this and some comments above has some good links. The key is it could be achieved using Active-Standby set up and the set up at on premise are not considered Azure resources.

X_L · Answer

As a downtime of 2 minutes is acceptable, a single gateway in A/P mode will suffice, bringing the total count to: 3 PIP's / 2 LNG's / 1 VNG

Ausias18 · Answer

This question appeared in my AZ-104 exam

dips31089 · Answer

This link below has the solution-
https://docs.microsoft.com/pt-br/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices
Downtime of 1 - 1.5 mins.
Answer is--
1 Azure public IP address (other public address are for on-prem - gateway IP, BGP Peer IP )
1 Virtual network gateway (uses the IP)
2 Local network gateways (one for each remote VPN device)

Qudzie · Answer

Hi Guys I will go with;
A: 1 Public IP address 
B: 1 VNG (Default has 2 instances active-standby)
C: 2 Local Gateways (connects to on-prem)
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
(About Azure VPN gateway redundancy) & (Multiple on-premises VPN devices)
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case. For P2S VPN client connections to the gateway, the P2S connections will be disconnected and the users will need to reconnect from the client machines.
On-Prem the failover is managed by your local VPN devices.
The question though is asking about Azure if I understand it correct in Active-Standby mode.
My thoughts welcome to correct me.

arseyam · Answer

The correct answer is 1 public IP address, 1 virtual network gateway and 2 local gateways.
Since a downtime of 2 min is accepted then an Active/Passive virtual network gateway is enough which means we need only 1 public IP address.
As per Microsoft, the connection recovery shouldn't take more than 1 and half minutes in the worst case scenario.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

groy · Answer

PUBLIC IP ADDRESS: 4
VIRTUAL N/W GATEWAY: 2
LOCAL N/W GATEWAY: 2

VikasA · Answer

I think It should be one vpn gateway (Behind the scenes there is actually 2 used ). So only one public IP is needed in azure. When you create local gateway , you just state public ip of your on premises devices (So public ip is not utilized in azure just stated in azure).In the event of vpn gateway failure , standby instance can take over between 15 seconds to 90 seconds. So answer will be-
one VPN gateway
one public IP
Two local gateways.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

bc5468521 · Answer

3,1,2 is the right answer

[Removed] · Answer

2-2-2
Benkyoujin is correct, here is the good link
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell

thirstylion · Answer

Dual redundancy is the most reliable option as suggested. As per that I think the answers are correct.

DeveshSolanki · Answer

PUBLIC IP ADDRESS: 	4
VIRTUAL N/W GATEWAY: 	2
LOCAL N/W GATEWAY: 	2

Luiza · Answer

Correct answer is: 3, 1 ,2

The question asks for a minimum of IP, VNG and LNG with a tolerance of 2 minutes of interruption. Then an active-standby would solve.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

nabylion · Answer

1:1:2. Active/standby is enough. Only critical mission solutions requires investment in highest availability and crossed tunnels.

basak · Answer

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
seems to be 2, 1,2

matie · Answer

For me, the answer of  1 public ip address, 2 virtual and 2 local gateways satisfies the question:
"What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? " 
And an active passive AZ vpn gateway set up satisfies the requirement that "The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes."

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

faozio · Answer

This is so wrong

What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure?

The question specifically said Azure?

I have personally labbed this ...

When active - active mode is activated on a VPN Gateway, it would have 2 PIP.

To create a highly available architecture with two on-premises devices then...

4 connections 1 with PIP 1 to VPN A on-premises
connections 2 with PIP 1 to VPN A on-premises
connections 3 with PIP 3 to VPN B on-premises
connections 4 with PIP 1 to VPN B on-premises

Since the LNG have same public endpoint we would need only 2 of them...

The correct answer is 2 1 2
Again...The subscription contains an Azure virtual network named VNet1

Looking at that statement, only 1 VPN gateway is allowed in a VNET

faozio · Answer

Apologies, there was no way to edit...

We need 4 connections

connection 1 with PIP 1 to VPN A on-premises
connection 2 with PIP 2 to VPN A on-premises
connection 3 with PIP 1 to VPN B on-premises
connection 4 with PIP 2 to VPN B on-premises

saran1987 · Answer

Understand the existing infrastructure and the requirement.

Existing: Two on prem VPN device and 1 Azure Vnet Gateway (This consists one active and standby be default)

Requirement: the failure will not cause an interruption that is longer than two minutes

Ans: You need 2 public IP for the VPN devices so that you can configure two local network gateway. You need one public IP for your VPN gateway (it has active and standby mode by default so you dont need two VPN gateways for the failover).

So 3 public IP and 1 VPN gateway and 2 local Network Gateway

Bart78 · Answer

3 pub IP's (2x on premise, 1 for the active/standby VPN Gateway (1 - 1.5 minute downtime, questions states max 2 minutes) and 2 local Network Gateways (one for each on premise pub IP

prince_norman_maximus · Answer

2,1,2
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#activestandby
The configuration described here is "Multiple on-premises VPN devices"

andyR · Answer

Given answer correct refer - Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks

ihustle · Answer

Why one public IP? Shouldn't there be two; one for the on-premise network and one for the azure network?

jasu · Answer

Question is about to resource requirement in Azure; not in on-prem network. This is an Active-Standby at Azure side since 2min down time is mentioned. For Active-Standby, 1 IP, 1 Virtual Network and 2 Local Network (from two VPN Gateways) need to be created.

OsimIndia · Answer

Here is the correct answer : 2,1,2.  refer this link

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

Showkat · Answer

The questions says required in Azure, I believe its 3 public addresses, 1 IP will be created during the LNG creation and then 2 IPS are required to configure with LNG's, seems its 3, 1, 2.

AZ-300 Exam - Question 75

Discussion