![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 4%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 92%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Hello Peter Stieber,
Thank you for posting your question in the Microsoft Q&A forum.
The core issue stems from Azure Virtual WAN's default routing behavior, where prefixes learned in one hub are not automatically propagated to other hubs without explicit configuration. When an ExpressRoute circuit is attached to Hub-1, its routes remain confined to that hub's routing tables unless inter-hub propagation is enabled. Similarly, VPN-connected prefixes follow the same isolation principle. This design ensures segmentation by default but requires manual intervention for cross-hub route sharing.
The lack of visibility in Hub-2 occurs because:
- Enable Inter-Hub Routing in Virtual WAN - Navigate to Virtual WAN → Routing → Configuration and ensure Branch-to-branch traffic is enabled. This allows route exchange between hubs.
- Verify Route Propagation in Hub-2 - Go to Hub-2 → Routing → Route Tables and confirm that:
- The ExpressRoute (ER) prefixes from Hub-1 are being propagated.
- VPN prefixes (if any) are included in the effective routes.
- Check Route Association & Propagation - Ensure Hub-2’s default route table is associated with:
- All connected VNETs (so they receive routes from Hub-1).
- ExpressRoute & VPN gateways (if applicable).
- Manually Propagate ER Routes (If Needed) - If routes are still missing, manually configure Static Routes in Hub-2’s route table to include Hub-1’s ER prefixes.
- Validate Effective Routes - Use Azure Network Watcher --> Effective Routes on a VM in Hub-2’s VNET to confirm ER/VPN prefixes appear.
- Consider Azure Virtual WAN Custom Routing (Advanced) - If default propagation fails, define custom route tables with explicit route rules for inter-hub traffic.
Without these configurations, Virtual WAN treats each hub as an independent routing domain, isolating prefixes and breaking expected connectivity. Proper route propagation requires intentional setup to override this default behavior.
If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue. Your contribution to the Microsoft Q&A community is highly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 74%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)