1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Implementing Azure ExpressRoute

Creating and Configuring an ExpressRoute Gateway

Start course

As dependency on cloud services grows, so does the need for a reliable, low-latency network connection to the cloud. Also, some organizations and government agencies require a dedicated connection that does not pass network traffic over the public internet. Azure ExpressRoute provides a dedicated, redundant connection to Azure cloud services.  

In this course, we examine Azure ExpressRoute. Azure ExpressRoute creates a reliable, dedicated connection between an organization's on-premises environment and Microsoft Azure. We cover design considerations when planning for ExpressRoute, requirements for installing ExpressRoute, and management and troubleshooting tasks. The learning objectives for this course map to the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam.

Learning Objectives

  • Choose between provider and direct model (ExpressRoute Direct)
  • Design and implement Azure cross-region connectivity between multiple ExpressRoute locations
  • Select an appropriate ExpressRoute SKU and tier
  • Design and implement ExpressRoute Global Reach and ExpressRoute FastPath 
  • Choose between private peering only, Microsoft peering only, or both
  • Configure private peering and Microsoft peering
  • Create and configure an ExpressRoute gateway
  • Connect a virtual network to an ExpressRoute circuit
  • Recommend a route advertisement configuration
  • Configure encryption over ExpressRoute
  • Implement Bidirectional Forwarding Detection
  • Diagnose and resolve ExpressRoute connection issues

Intended Audience

  • System or network administrators with responsibilities for connecting an on-premises network to Azure
  • Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam


  • A basic understanding of networking, routing, and VPN concepts

Welcome to the lecture on Creating and Configuring an ExpressRoute Gateway. Before we dive in, let's review the environment, what we have in place, and what we'll create. Before we can deploy an ExpressRoute gateway, we need a virtual network to add it to. The demo environment has a virtual network or VNet in place. The name is ERLabEVNet01. The naming convention is ER for ExpressRoute, Lab, E for East, VNet, then a number. Most organizations have a preference or standard for naming.

Follow established best practices in your environment for creating names. The virtual network address space is The only subnet in use has the name default with the address space of The resource group name is ERLabEVNet01RG, and it's in the EastUS region. That's what is in place. In the following steps, we'll create an ExpressRoute virtual network gateway. The subnet name for the gateway is GatewaySubnet. That doesn't follow naming conventions, but the gateway subnet has to have the name, GatewaySubnet. The subnet address space will be The gateway name will be ERLabEGW01. The public IP address will be called ERLabEGWIP01. And the gateway type is ExpressRoute. Gathering this information and creating a reference will simplify deploying the gateway.

Let's get started in the portal next with creating the GatewaySubnet. The virtual network is in place. But before we can create a gateway, we need to create a subnet for that gateway. The following steps will deploy the subnet then the gateway from the portal. From the Azure Portal, go to the VNet and open Subnets. We can add a new gateway subnet from the top of the page. The name is automatically set to GatewaySubnet. That name is required and cannot be changed.

Update the address range to match the configuration we reviewed earlier. The minimum subnet block is a /27. The subnet block can be larger. Keep in mind that we need enough IP addresses to match the ExpressRoutes that will attach to the gateway. We only have one in this environment. But if we had more, the subnet would require enough IP addresses for each ExpressRoute circuit. There's also an option to add IPv6 if in use. The rest of the settings can be left as they are. Click Save to continue.

Now that the GatewaySubnet is in place, we can create the virtual network gateway. Go to Create a resource and search for virtual network gateway. Select and create a new virtual network gateway. Give the gateway a name and set the location. Set the type to ExpressRoute. Select a SKU for the gateway, and select the virtual network. For subnet, it will automatically select the GatewaySubnet we created previously. This example will create a new public IP address. Give it a name, and we'll leave the IP address SKU to Basic. Add tags as needed, and then go to Review and create. Click Create once validation passes.

Deploying a gateway can take several minutes to finish. Once completed, we have an ExpressRoute virtual network gateway connected to the subnet. That is how to create and configure an ExpressRoute virtual network gateway.

About the Author
Travis Roberts
Cloud Infrastructure Architect

Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.