Azure VNET to VNET to site to site VPN connectivity
Question
Scenario.
We have a site 2 site VPN from ON PREM to Azure VNET (with a vnet gateway) in a specific rg. lets call the VNET with the VPN connection for: vnet-vpn
Then we have a VNET in another Resourcegroup in Azure (Same subscription as vnet-vpn) lets call it vnet-a
I need services in vnet-a to be able to call on prem systems by proxying thru the vnet-vpn and that way gaining access to the on-prem network.
I can:
- create a connection between the 2 vnets in Azure (vnet-vpn, vnet-a) by using peering.Tested by letting services from each vnet communicate directly.
- call on prem services from applications placed in the vnet-vpn.
I CANNOT:
- access on-prem systems from vnet-a.
I cannot find any documentation that explicitly describes this scenario and and to set it up. Can someone please help:-)
2 answers
solution1
0 2022-01-27 13:01:48
You can refer to this tutorial here which resembles the scenario you are trying out. You need to enable gateway transit on your peered VNET in order to establish connectivity with your on-prem systems.
solution2
0 2022-01-29 01:56:24
More info on current config could be used to answer this, but here are a couple of ideas:
- Make sure Gateway Transit is enabled inside the peering configuration between
vnet-vpnandvnet-a - Make sure that
vnet-aIP range is included in your Azure VPN and also OnPrem VPN configuration- Alternatively, NAT your
vnet-aaddresses into some range which is acceptable for your OnPrem VPN. Please be aware thatNAT rulesfeature is only Preview on Azure Virtual Network Gateway. You either have to take the risk of using a preview feature (fine for non-production workloads), or implement your own NAT appliance.
- Alternatively, NAT your
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.