
Should I use IP addresses from the Gateway Subnet in an Azure VPN?

I am configuring an Azure VPN with site-to-site connectivity to a large enterprise customer. I have configured the following address space: [image: address space configuration]

Now the customer has asked "Could you please send us traffic with one ip address, instead of range (192.168.2.0/27)"

I will only have one VM on the VPN so I can pick any IP in the range, but should I pick one from the Subnet-1 range or the Gateway range? What will the customer see our traffic as coming from?

Edit: Once I answered my own question I realised how poor the title was, so I've edited it.

The answer is no. Do not use the gateway subnet.

I eventually found exactly what I required on this Microsoft page. Specifically:

And don't deploy VMs or anything else to the gateway subnet.

and

Can I deploy Virtual Machines or role instances to my gateway subnet?

No.

By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure. When planned maintenance or unplanned disruption affects the active instance, the standby instance automatically assumes responsibility for connections without any user intervention. Connections are interrupted during this failover, but they're typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.

The new guidance is now - Use at least a /27 address mask for the gateway subnet.
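A pre-deployment check for the rule in the answer above, as an added example that is not part of the original post: it rejects a proposed VM address that falls in the gateway subnet, flags a gateway subnet smaller than /27, and returns the single /32 to hand to the customer. The address plan is constructed (the question's real ranges were in an image that is not on the page), the function names are hypothetical, and it assumes no NAT on the tunnel, so the customer sees the VM's private address.

```python
import ipaddress

GATEWAY = "GatewaySubnet"  # Azure requires the gateway subnet to have this exact name

# Constructed plan (assumption): the question's real ranges are not on the page.
PLAN = {
    "Subnet-1": ipaddress.ip_network("10.20.0.0/26"),
    GATEWAY: ipaddress.ip_network("10.20.0.224/27"),
}

def reserved(net):
    """Azure keeps the first four addresses and the last address of every subnet."""
    return {net[0], net[1], net[2], net[3], net[-1]}

def check_vm_ip(ip, plan=PLAN):
    """Return (workload subnet name or None, list of problems) for a proposed VM private IP."""
    addr = ipaddress.ip_address(ip)
    problems = []
    gw = plan.get(GATEWAY)
    in_gw = gw is not None and addr in gw
    if gw is None:
        problems.append(f"plan has no {GATEWAY}")
    elif gw.prefixlen > 27:
        problems.append(f"{GATEWAY} is /{gw.prefixlen}; use /27 or larger")
    if in_gw:
        problems.append(f"{addr} is in {GATEWAY}; deploy nothing there")
    # Find the workload (non-gateway) subnet that contains the address, if any.
    home = next((n for n, net in plan.items() if n != GATEWAY and addr in net), None)
    if home is None and not in_gw:
        problems.append(f"{addr} is not in any workload subnet")
    elif home is not None and addr in reserved(plan[home]):
        problems.append(f"{addr} is reserved by Azure in {home}")
    return home, problems

def allowlist_entry(ip, plan=PLAN):
    """Single-host CIDR to give the customer (assumes no NAT), or None if a check fails."""
    home, problems = check_vm_ip(ip, plan)
    return f"{ipaddress.ip_address(ip)}/32" if home and not problems else None

if __name__ == "__main__":
    # Constructed candidates: valid, gateway subnet, Azure-reserved, outside the plan.
    for candidate in ("10.20.0.4", "10.20.0.228", "10.20.0.1", "10.20.1.9"):
        print(candidate, check_vm_ip(candidate), allowlist_entry(candidate))
```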
