AZ-303 Exam - Question 229

Question

HOTSPOT -You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet. You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes. What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:.

Examice · Accepted Answer

Box 1: 4 -Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below. Box 2: 2 -Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. Box 3: 2 -Dual-redundancy: active-active VPN gateways for both Azure and on-premises networksReferences:https://docs. microsoft. com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable.

Aghora · Answer

"What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required IN AZURE?" 
2 IPS in Azure and 2 on prem - so only 2 In azure 
2 Gateways in azure 
2 local in azure

snobrega · Answer

1 - 1 -  2 ??

https://www.examtopics.com/exams/microsoft/az-300/view/15/

widurr · Answer

1-1-2 Active-passive has 2 mins max downtime

euve · Answer

2-1-2 is the right answer:

- 2 Public IP Addresses required for a VPN gateway active-active (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations)

- 1 Virtual Network Gateway in active-active mode (
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations)

- 2 Local Network Gateways (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations)

AmitRoy · Answer

1 - 1 PIP is enough for active/stand by as per the downtime allowed.
1 - 1 NPN GW is enough
2 - 2 local N/W G/W to map to 2 devices on-premise.

sparkdevops · Answer

It should be 3-1-2. As in data center has 2 local networks and so 2 vpn devices and One Active-passive Azure VPN gateway. In total 3 public IP Addresses. 1 Azure VPN gateway as Active-Passive, which meets the requirements for 2 min failover to passive, and
 2 local local network gateways.

Mavy · Answer

4 2 2 is correct. 
Question says "The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails" so it cant be a single gateway onprem or in azure

you need 4 ips for each gateways (2 locals, 2 on azure)
you need 2 gateways in azure
you need 2 gateways onpremise

DerekKey · Answer

2 IP - when you configure VNG you must provide 2 addresses
1 VNG - Active-Active
2 LNG - "The data center contains two VPN devices"

IsaacTeh · Answer

2 - 1 - 2
2 instance with public ip assigned for one vpn gw 
2 local gateway

Madball · Answer

I think the answer is 2-1-2

If you read this guide.
https://docs.microsoft.com/en-us/azure/vpn-gateway/active-active-portal

You create a single virtual network gateway, with 2 public IP addresses and 2 local network gateway.

Jamesat · Answer

Based on the 2 minutes statement you would only need 1 VPNGW. No need for an Active/Active in this case.
So based on that the answer is 1 Public IP on the VPNGW. The Local Gateways don't have IPS in Azure they will be public from the company.
1 VPNGW and 2 Local Gatways.
So 1 - 1 -2.

SteveChai · Answer

same question in AZ-104, 
keyword: required in Azure only. 
So, the correct answer should be 
2 public IP addresses
1 virtual network gateways
1 local network gateways
If the question mention about Azure on onPremise. then, it will be 4,2,2

Stevezzc · Answer

1 -1 -2 is correct.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#about-azure-vpn-gateway-redundancy

mooni · Answer

Answer should be 2-1-2 as you need to create only one VPN GW in azure the other will be created automatically does not matter if you select active-active mode is enabled or disabled.

tteesstt · Answer

Active-Standby. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#about-vpn-gateway-redundancy

Active-Standby can cause interruption up to 3 minutes, so we need Active-Active.

2 IPs - 1 for each instance of VPN instance.
1 VPN GW - VPN GW Active-Active mode creates two instances. (though you only see 1 VPN GW in Azure)
2 Local GWs - 1 for each on-prem VPN device

Neraf · Answer

I agree with 1-1-2. However, the most highly available architecture is two active-active VPN gateways connecting to two on premises gateways. This configuration requires two ip addresses per gateway since they are both active at the same time. Hence 4 IPs.

satbim · Answer

2 - 1 - 2 is the correct answer..

scorpion20047 · Answer

repeated question
1-1-2 is correct

JMG73 · Answer

repeated question

069 - https://www.examtopics.com/exams/microsoft/az-303/view/14/

DNeo · Answer

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

answer is correct

paulot · Answer

Q: What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure?
IN AZURE, you only need 1 public ip (2-minute VIP migration means 1 VPNGW), 1 VPNGW and 2 IP from  OnPrem. This picture: https://docs.microsoft.com/en-us/azure/vpn-gateway/media/vpn-gateway-highlyavailable/multiple-onprem-vpns.png

student22 · Answer

2-1-2
---

anupam77 · Answer

I must say - Correct Answer given.

PIP = 2 PIP for Local Network Gateway + 2 PIP for VN Gateway Instances  = 4
//The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property.

VNG = 2 (Active-Active)

LNG = 2

Reason -

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks

Reason for VNG = 2:-
"For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case"
As per question, it should be less than 2 minutes. Hence need VNG : Active-Active

Reason for PIP = 4:-
"The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property"

yassali · Answer

the answers seems not correct can some explain why 4 IPs and 2 VPNGW

erms · Answer

1-2-2
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case.

Bengkel · Answer

I think active-active is required here. 
The tutorial on https://www.rebeladmin.com/2020/05/step-step-guide-high-available-vnet-vnet-connectivity-via-active-active-azure-vpn-gateways-powershell-guide/ demonstrates 2x (2 IP's and 1 gateway). Therefor answer should be 4-1-1.

Beitran · Answer

"For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case."
So active/active is required -> 2-2-2

Jasper666 · Answer

Think it's 4-2-2 because a local gateway network and public ip's of the on-premise endpoints must be supplied in the vpn config in Azure.

PengPai6 · Answer

I think the ans should be：1-1-2

chupacabra · Answer

The answer should be 2/2/4.

If you do active/active, you'll need 4 LNGs since it's a mesh network. 2 LNG per VNG since 2 VPN devices on prem.
Since the wording change for VNGs to now be about 1 to 3 minutes it's safe to assume that you'll need to go with active/active to accomplish the 2-minute requirement and that will result with:
2 PIPs in Azure for the 2 VNGs.
2 VNGs
4 LNGs.

rabindra_barik · Answer

Even though 4, 2, 2 is correct, 
when Azure VNET connected S-2-S , another VNET is on standby . hence, minimum; can be
3,1,2

ArunTG · Answer

2:2:2 - clearly asked ON AZURE end only not for the entire solution.
In this configuration, each Azure gateway instance will have a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Note that both VPN tunnels are actually part of the same connection. You will still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.

Itboss · Answer

1 - 1 - 2
firstly the question is about how many in Azure , ignore all on-prem counts
1 VNET , you can only have 1 VPN Gateway in a VNET, which will be on active/standby , sharing 1 public IP between the active/standby gateway
2 Local Network gateways in azure to represent the 2 VPN devices on-prem

AZ-303 Exam - Question 229

Discussion