Update VPN gateway user-defined routes warning

vishalme · web-flow · commit f2255b811c2f · 2025-10-24T14:54:13.000-07:00
Clarified restrictions on user-defined routes with GatewaySubnet address space and next-hop configurations.
diff --git a/includes/vpn-gateway-gwudr-warning.md b/includes/vpn-gateway-gwudr-warning.md
@@ -9,6 +9,6 @@
  ms.author: cherylmc
  ms.custom: include file
 ---
-* User-defined routes with a 0.0.0.0/0 destination and network security groups (NSGs) on the gateway subnet *are not supported*. Gateways with this configuration are blocked from being created. Gateways require access to the management controllers in order to function properly. [Border Gateway Protocol (BGP) route propagation](/azure/virtual-network/virtual-networks-udr-overview#border-gateway-protocol) should be enabled on the gateway subnet to ensure availability of the gateway. If BGP route propagation is disabled, the gateway won't function.
+* User-defined routes with a 0.0.0.0/0 destination and network security groups (NSGs) on the gateway subnet *are not supported*. User-defined routes, containing GatewaySubnet address space, with next-hop set to none or with next-hop set to NVA (which has policy to drop the traffic) are not supported. Gateways with this configuration are blocked from being created. Gateways require access to the management controllers in order to function properly. [Border Gateway Protocol (BGP) route propagation](/azure/virtual-network/virtual-networks-udr-overview#border-gateway-protocol) should be enabled on the gateway subnet to ensure availability of the gateway. If BGP route propagation is disabled, the gateway won't function.
 
 * Diagnostics, data path, and control path can be affected if a user-defined route overlaps with the gateway subnet range or the gateway public IP range.
