Forum Discussion
azvpn->expressroute->on-prem
Hi,
I'm using azvpn to VPN to Azure. I have an ExpressRoute directly connected to my on-prem out of Azure. BGP is used to route and is working for the other VNet in Azure; however, I don't see my network within that BGP routing. I want to hop through ExpressRoute to my on-prem via the azvpn I'm using for management purposes. Is this even possible?
I'd appreciate some help.
1 Reply
- micheleariis (Steel Contributor)
StefanMoore No, Azure does not natively support traffic transit from Azure VPN (azvpn) - ExpressRoute - On-Prem. Even though BGP works for other VNETs in Azure, VPN routes are not automatically propagated to ExpressRoute, preventing direct traffic flow to on-prem.
Possible Solutions: To work around this limitation, you can consider several options:
- Enable BGP propagation on the VPN Gateway, if supported, to ensure that on-prem routes are properly advertised.
- Use Azure Route Server, which allows route exchange between VPN Gateway and ExpressRoute, enabling traffic transit.
- Implement an NVA (Network Virtual Appliance), such as a virtual router (Cisco CSR, Palo Alto, Fortinet, or a Linux VM with IP forwarding), to manage routing between VPN and ExpressRoute.
- Configure User-Defined Routes (UDR) to force VPN traffic toward ExpressRoute, ensuring that routes are correctly set.
- Leverage ExpressRoute Global Reach, if available, to connect multiple ExpressRoute circuits and enable traffic flow between VPN and on-prem.
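
Added example, not part of the question or the reply above: a way to verify the symptom in the question (the VPN network missing from the BGP routes) before and after trying any of the options. It assumes the input is JSON in the shape printed by `az network vnet-gateway list-advertised-routes` (a `value` list whose entries carry the prefix in `network`); the function name, the sample routes and the client pool address are constructed for illustration.

```python
import ipaddress

# Constructed sample: only VNet prefixes are advertised, which matches the
# situation in the question (the VPN network is absent from BGP).
SAMPLE_ADVERTISED = {"value": [
    {"network": "10.10.0.0/16", "nextHop": "10.10.255.4", "asPath": "65515"},
    {"network": "10.20.0.0/16", "nextHop": "10.10.255.4", "asPath": "65515"},
]}
VPN_CLIENT_POOL = "172.16.201.0/24"  # constructed VPN client address pool


def classify_pool(advertised, pool_cidr):
    """Report whether the VPN client pool is reachable via advertised routes.

    Returns (status, prefixes) where status is one of:
      "advertised" - some prefix contains the whole pool
      "partial"    - only more-specific pieces of the pool are advertised
      "missing"    - on-prem learns no route back to the VPN clients
    """
    pool = ipaddress.ip_network(pool_cidr)
    covering, pieces = [], []
    for route in advertised.get("value", []):
        try:
            prefix = ipaddress.ip_network(route["network"], strict=False)
        except (KeyError, TypeError, ValueError):
            continue  # ignore entries without a usable prefix
        if prefix.version != pool.version:
            continue
        if pool.subnet_of(prefix):
            covering.append(str(prefix))
        elif prefix.subnet_of(pool):
            pieces.append(str(prefix))
    if covering:
        return "advertised", covering
    if pieces:
        return "partial", pieces
    return "missing", []


if __name__ == "__main__":
    status, prefixes = classify_pool(SAMPLE_ADVERTISED, VPN_CLIENT_POOL)
    print(f"VPN pool {VPN_CLIENT_POOL}: {status} {prefixes}")
```

A result of "advertised" also means the on-prem side now has a path to the management VPN clients, so the on-prem firewall rules for that pool should be reviewed at the same time.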