Cloud Gateway VPN Gateways
In the Crime tenants, we have two VPN gateways that route traffic to the HMCTS Azure tenant.
There is one VPN gateway per Crime tenant and they reside in the MDV and MPD environments.
These gateways allow traffic to flow between the two Crime tenants and to the HMCTS tenant.
This is achieved using both site-to-site and VNet-to-VNet connections, which route traffic either through Cloud Gateway or directly to the HMCTS tenant.
Some more information on the gateways and their connections can be found here.
VPN Gateway Architecture
Where is the IaC for the VPN gateways?
The code for the VPN gateways can be found in the cpp-automation-terraform repository.
This repo contains the code to deploy:
- VPN Gateways
- Local Network Gateways
- Site-to-Site connections
- VNet-to-VNet connections
What services use the VPN gateways?
The VPN gateways are used by the following services, among others:
- CJSC
- Court Store
- DARTS
- Libra
You can see which services use which connections on this Confluence page.
Third party contacts for Crime services can be found here.
BGP Configuration
BGP (Border Gateway Protocol) is used to exchange routing information between the VPN gateways and the connected networks. You can view the BGP peers and learned routes in the Azure portal via the links below: