Forum Discussion
On-prem connect with S2S VPN to Azure / users on P2S to Azure cannot connect to S2S on-prem resourc
- Nov 02, 2023: I got it working in the end; the issue was with the on-prem firewall S2S configuration in regard to the P2S subnet phase 2 encryption/authentication and PFS. So BGP was not needed.
- J-La026, Nov 01, 2023, Copper Contributor
Hi!
Thanks for trying to help out. Hope my MSpaint skills are OK 🙂 Else let me know if you need something more? Also see my previous screenshots.
As for the below, the Azure P2S users (see orange box) are able to access the VM at Azure with no problem; however, they cannot directly access the Windows laptop 192.168.1.110 at the on-prem site.
The FortiClient P2S users (see yellow box) are able to directly access the VM at Azure over the S2S tunnel.
I should add that accessing the Windows laptop (on-prem) from the Azure Windows VM is no problem.
Thanks
JLa
- J-La026, Nov 01, 2023, Copper Contributor
According to this:
https://learn.microsoft.com/sv-se/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing#vnetbranch
Seems BGP is needed? Please let me know if that's the case and a static route can't be used?
- JeremyWallace, Nov 02, 2023, Brass Contributor
J-La026
That does seem to be the case as BGP being enabled is referenced in multiple Microsoft documents related to the scenario and in this document specifically referencing a 'users need access to resource in Azure and/or on-prem resources' use case: https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support
Also keep in mind that whenever you make changes to configurations, a new point-to-site VPN profile needs to be downloaded from the Azure portal to get the updated configurations.