Forum Discussion
Solved
about routes
Hello Community,
I have this architecture HUB and Spoke with Forced Tunneling applicated.
I need your propositon for the routes tables and the routes for every part.
Thanks
Hi Ensure that you have the proper peering enabled
hub-to-spoke A with gateway transitspoke A-tohub : Default + Use this virtual network's gateway or Route Server
hub-to-spoke B with gateway transitspoke B-tohub : Default Use this virtual network's gateway or Route Server
If you want the incoming traffic (from the gateway ) to be filtered by the firewall attach a route table to the gateway subnet with the routes
Adress Prefix 10.1.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPAdress Prefix 10.2.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPEnsure also that proper routes are present in spoke route tables
Route Table associated to Subnet Spoke A
Adress Prefix 10.0.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IP
Adress Prefix 10.1.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPAdress Prefix 192.168.0.0/24
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPAdress Prefix 0.0.0.0/0
Next Hop Type : Virtual Network Gateway (forced tunelling)Route Table associated to Subnet Spoke B
Adress Prefix 0.0.0.0/0
Next Hop Type : Virtual Network Gateway (forced tunneling)Adress Prefix 10.2.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall privatAdress Prefix 192.168.0.0/24
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPRead the full doc for forced tunneling if needed : https://docs.microsoft.com/fr-fr/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
Hi Ensure that you have the proper peering enabled
hub-to-spoke A with gateway transitspoke A-tohub : Default + Use this virtual network's gateway or Route Server
hub-to-spoke B with gateway transitspoke B-tohub : Default Use this virtual network's gateway or Route Server
If you want the incoming traffic (from the gateway ) to be filtered by the firewall attach a route table to the gateway subnet with the routes
Adress Prefix 10.1.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPAdress Prefix 10.2.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPEnsure also that proper routes are present in spoke route tables
Route Table associated to Subnet Spoke A
Adress Prefix 10.0.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IP
Adress Prefix 10.1.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPAdress Prefix 192.168.0.0/24
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPAdress Prefix 0.0.0.0/0
Next Hop Type : Virtual Network Gateway (forced tunelling)Route Table associated to Subnet Spoke B
Adress Prefix 0.0.0.0/0
Next Hop Type : Virtual Network Gateway (forced tunneling)Adress Prefix 10.2.0.0/16
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall privatAdress Prefix 192.168.0.0/24
Next Hop Type : Virtual Appliance
Next Hop IP address : Firewall private IPRead the full doc for forced tunneling if needed : https://docs.microsoft.com/fr-fr/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
Hello Ibrahima,
Thank you for your reply and assistance.
1-Can you confirme that for the :
** Route table attached to gateway subnet ( disable_bgp_route_propagation = true)
** All Route tables for the spokes ( disable_bgp_route_propagation = false)
2- You use the address space /16 and not the subnet /24 for every spoke in the routes ? Just to confirm that.
Thanks- Hello yes correct !
