How can we migrate a ExpressRoute Gateway from Basic SKU Public IP to Standard SKU Public IP if the mirgration fails due to a too small gateway network?

Question

How can we migrate a ExpressRoute Gateway from Basic SKU Public IP to Standard SKU Public IP if the mirgration fails due to a too small gateway network?

Ulrich Haake 20

Gateway SKU Migration

Validation: OK
Preparation: FAILS
{ "code": "GatewaySubnetTooSmallForVMSSGatewaySku", "message": "To deploy a zone-redundant/zonal gateway, the GatewaySubnet must be /27 or larger. Current subnet ... ... /GatewaySubnet referenced by gateway /subscriptions/... /Microsoft.Network/virtualNetworkGateways/ ... has size 10.x.x.x**/28**.", "details": [] }

The size of the network should be /27 ... how can we change this or bypass the error?

Praveen Bandaru 9,250 Reputation points Microsoft External Staff Moderator

2025-09-29T13:26:24.5366667+00:00

Hello Ulrich Haake

I see that you're attempting to migrate your ExpressRoute Gateway from a Basic SKU public IP to a Standard SKU public IP, but you're encountering an issue because your GatewaySubnet is too small. The error message notes that your GatewaySubnet is currently /28, but it must be at least /27 for the migration to work.

Check the reference public document for more understanding:

Gateway subnet creation

The size of the network should be /27 ... how can we change this or bypass the error?

Unfortunately, you cannot resize a subnet directly. You must delete and recreate it that is the only possible way. However, there will be some downtime, so please ensure that it is scheduled outside of business hours.

Check the below screen shot:

And also, check the reference document:

https://v4.hkg1.meaqua.org/en-us/answers/questions/585376/link-expressroute-circuit-to-new-gateway

Hope the above answer helps! Please let us know do you have any further queries.

Please do not forget to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Ulrich Haake 20 Reputation points

2025-09-29T17:12:03.27+00:00
Dear Praveen,

many thanks for your answer. So steps would be:

Delete the current GatewaySubnet 10.x.x.x/28.

Create a new GatewaySubnet 10.x.x.x/27 (same subscritpion, same ressource group, same virtual network).

That's all?

The new subnet is automatically "attached" to the ExpressRoute Gateway (and whatever) and we can proceed with migration?

Answer accepted by question author

0 additional answers

Your answer

Praveen Bandaru 9,250 Reputation points Microsoft External Staff Moderator

2025-09-29T13:26:24.5366667+00:00

Hello Ulrich Haake

I see that you're attempting to migrate your ExpressRoute Gateway from a Basic SKU public IP to a Standard SKU public IP, but you're encountering an issue because your GatewaySubnet is too small. The error message notes that your GatewaySubnet is currently /28, but it must be at least /27 for the migration to work.

Check the reference public document for more understanding:

Gateway subnet creation

The size of the network should be /27 ... how can we change this or bypass the error?

Unfortunately, you cannot resize a subnet directly. You must delete and recreate it that is the only possible way. However, there will be some downtime, so please ensure that it is scheduled outside of business hours.

Check the below screen shot:

And also, check the reference document:

https://v4.hkg1.meaqua.org/en-us/answers/questions/585376/link-expressroute-circuit-to-new-gateway

Hope the above answer helps! Please let us know do you have any further queries.

Please do not forget to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Ulrich Haake 20 Reputation points

2025-09-29T17:12:03.27+00:00

Dear Praveen,

many thanks for your answer. So steps would be:

Delete the current GatewaySubnet 10.x.x.x/28.

Create a new GatewaySubnet 10.x.x.x/27 (same subscritpion, same ressource group, same virtual network).

That's all?

The new subnet is automatically "attached" to the ExpressRoute Gateway (and whatever) and we can proceed with migration?

Answer 1

Hello Ulrich Haake
Thank you for your response. I believe there may have been a misunderstanding regarding my previous comment.

1.Delete the current GatewaySubnet 10.x.x.x/28. 2.Create a new GatewaySubnet 10.x.x.x/27 (same subscritpion, same ressource group, same virtual network).

You cannot delete the Gateway Subnet directly. Azure prevents deletion of the Gateway Subnet if a gateway is still using it.

You need to delete the Virtual Network Gateway (ExpressRoute Gateway) before you can remove the Gateway Subnet.

This means you will need to delete your existing VPN gateway and create a new Virtual Network Gateway (ExpressRoute Gateway). If you delete the Gateway subnet, you can create a new gateway subnet and then set up a new VPN gateway.

The new subnet is automatically "attached" to the ExpressRoute Gateway (and whatever) and we can proceed with migration?

No, that's not possible. You'll need to deploy a new ExpressRoute gateway, as resizing a subnet directly isn't supported. To proceed, you'll have to delete and recreate the VPN Gateway (ExpressRoute gateway) and Gateway Subnet as well, which is the only available method. Please note that this process will cause downtime, so make sure to schedule it outside of business hours.

Check the below document for Upcoming projected changes:

https://v4.hkg1.meaqua.org/en-us/azure/vpn-gateway/whats-new#upcoming-projected-changes

Hope the above answer helps! Please let us know do you have any further queries.

Please do not forget to "accept answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Share via

How can we migrate a ExpressRoute Gateway from Basic SKU Public IP to Standard SKU Public IP if the mirgration fails due to a too small gateway network?

0 additional answers

Your answer