AZ-700 Lab 03
I’m Amir Rouhanipoor, an IT Consultant specializing in Azure and cloud solutions. I help organizations streamline their IT and drive growth through secure, efficient cloud technologies.
M03 - Unit 4: Configure an ExpressRoute Gateway
Exercise Scenario
To connect your Azure virtual network to your on-premises network using ExpressRoute, you must first create a virtual network gateway. A virtual network gateway serves two key purposes:
To exchange IP routes between the networks
To route network traffic between them
Note: The interactive lab simulations previously available for this exercise have been retired.
Estimated Time: 60 minutes (includes approximately 45 minutes of deployment wait time)
Gateway Types
When creating a virtual network gateway, several settings must be configured. One essential setting is -GatewayType, which determines whether the gateway is used for ExpressRoute or VPN traffic. The two gateway types are:
VPN – Use this gateway type to send encrypted traffic over the public internet. Commonly referred to as a VPN Gateway, it supports Site-to-Site, Point-to-Site, and VNet-to-VNet connections.
ExpressRoute – Use this gateway type for private, dedicated connections. This is referred to as an ExpressRoute Gateway and is specifically used when configuring ExpressRoute.
Note: Each virtual network can have only one virtual network gateway per gateway type. For example, you can have one gateway with -GatewayType VPN and another with -GatewayType ExpressRoute in the same virtual network.
Job Skills
In this lab, you will:
Create a virtual network and gateway subnet
Create a virtual network gateway
Task 1: Create the VNet and Gateway Subnet
In the Azure portal, in the Search resources, services, and docs box, enter
virtual network, then select Virtual networks from the results.On the Virtual networks page, select + Create.
In the Create virtual network pane, on the Basics tab, enter the following values:
| Setting | Value |
| Virtual Network Name | CoreServicesVNet |
| Resource Group | ContosoResourceGroup |
| Location | East US |
Select Next: IP Addresses.
In the IP Addresses tab, under IPv4 address space, enter:
10.20.0.0/16,
then select + Add subnet.In the Add subnet pane, enter:
| Setting | Value |
| Subnet purpose | Virtual Network Gateway |
| Gateway Subnet address | 10.20.0.0/27 |
Note: The subnet name will be auto-filled as GatewaySubnet.
Select Add.
On the Create virtual network page, select Review + Create.
After validation passes, select Create.
Note: If you're using a dual-stack virtual network and plan to use IPv6 private peering over ExpressRoute, select Add IPv6 address space and enter the required range.
Task 2: Create the Virtual Network Gateway
In the Azure portal, in Search resources, services and docs, enter
virtual network gateway, then select Virtual network gateways from the results.On the Virtual network gateways page, select + Create.
In the Create virtual network gateway page, use the following configuration:
| Setting | Value |
| Resource Group | ContosoResourceGroup |
| Name | CoreServicesVnetGateway |
| Region | East US |
| Gateway type | ExpressRoute |
| SKU | Standard |
| Virtual network | CoreServicesVNet |
| Public IP address | Create new |
| Public IP name | CoreServicesVnetGateway-IP |
Select Review + Create.
After validation, select Create.
Once deployment completes (this may take up to 45 minutes), select Go to resource.
Extend Your Learning with Copilot
Use Microsoft Copilot to explore more about Azure networking tools and options. Try these prompts in the Edge browser or visit copilot.microsoft.com:
How is Azure ExpressRoute different from Virtual WAN? Can they be used together? Provide examples.
What are the key considerations when choosing between ExpressRoute Provider Model and ExpressRoute Direct?
Create a comparison table of ExpressRoute SKUs and their features.
Learn More with Self-Paced Training
Introduction to Azure ExpressRoute
Learn what Azure ExpressRoute is and the functionality it provides.Design and Implement ExpressRoute
Understand how to design and implement ExpressRoute, ExpressRoute Global Reach, and ExpressRoute FastPath.
Key Takeaways
Azure ExpressRoute enables private, dedicated connections between your on-premises network and Azure/Microsoft 365 services.
Microsoft guarantees 99.95% availability for ExpressRoute connections.
Traffic travels over a private, dedicated circuit—third parties cannot intercept the traffic.
ExpressRoute connections can be established through four models:
CloudExchange Co-location
Point-to-Point Ethernet
Any-to-Any (IPVPN)
ExpressRoute Direct
ExpressRoute features are determined by the SKU: Local, Standard, and Premium.