AZURE Extend an on-premises network using multiple VPN’s

I am looking at this

It states 4 options to connect from on-prem to AZURE:

  • Hybrid network with VPN gateway
  • Hybrid network with ExpressRoute
  • Hybrid network with ExpressRoute and VPN failover
  • Hub-spoke topology

I am looking at the first option:

This diagram is there:

enter image description here


  • I find the diagram hard to follow. Does the AZURE Stack include the Azure Virtual Network (AVN) or is that part of another AZURE Stack?
  • Main question: The AVN shown is fine with its own Gateway, but what if there are 2 VNETs? Both will be shown with a line to the same On Premises Gateway? Both will have a Gateway and will we need 2 site2site VPN’s or reuse the same site2site VPN? I think the latter but can only see example with Hub Spoke approach.
  • Moreover, the main document lists 4 types of approaches – one being Hub Spoke approach. But the document for this option also talks about Hub Spoke approach. I find that hard to follow.

May seem a silly premise or set of questions, but I find the article not well written. I somehow think this article is more relevant: