Forum Discussion
Creating a VPN, do I need to add a route to reach my local peer IP?
Thanks for your posts.
I had to swap out the firewall with one I know how to use, and that was on the compatibility list. It came right up.
Now that I have my VPN up and my policies set up correctly (I think), how does routing happen between my GatewaySubnet and the other Subnets in my VNET? Do I have to set up routes or do all subnets within a subnet automatically route between each other?
Thanks
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps
You wrote policies; does that mean you went with a policy-based VPN? Although they fully support policy-based VPN, it is the more limited of the two.
Regardless, the routes that you defined in your VPN should be known to all subnets within that VNET.
- Mike Meyer, Feb 06, 2018, Copper Contributor
I wrote policies on the Juniper, so it tunnels certain subnets - that's typically how I do it on the Junipers.
The VPN says "Route Based" on the Azure side though. So I guess it depends who you ask. :)
What I'm looking for is there must be some configuration in the VPN (I haven't seen it) - that tells me which subnets it can route to and which it can't. How do I know what subnets the Gateway subnet has access to (perhaps I'd want to limit this)? Or perhaps it's anything in the VNET that the VPN exists in. That's what I'm suspecting.
In which case, I'd obviously need to write a policy on my Juniper side to handle those various subnets.
Thanks Kent
- Mike Meyer, Feb 06, 2018, Copper Contributor
I wrote a separate policy for another subnet that was in my VNET and it worked like a champ.
Thanks for all your posts, Kent.