Forum Discussion

Deepak_kumar
Copper Contributor
May 19, 2019

Route Internet traffic through Ipsec tunnel.

Hi Everyone.

I need an architecture model for routing internet traffic from VNet A to a firewall which is in VNet B. Both VNets are in different regions and connected by an IPsec tunnel.

I have tried using two different UDRs with the below configurations:

UDR1:

Source: Subnet 1 of VNet A, destination: 0.0.0.0/0, next hop: VPN Gateway of VNet A

UDR2:

Source: Gateway subnet of VNet B, destination: 0.0.0.0/0, next hop: firewall private IP.

But it doesn't seem to be a good solution.

5 Replies

  • Hannes_LG
    Brass Contributor
    Hi,

    why do you want to route the traffic between two regions over a separate IPsec tunnel or VPN Gateway?
    It's possible to create a global VNet Peering.
    https://azure.microsoft.com/es-es/blog/global-vnet-peering-now-generally-available/

    Regards,
    Hannes
    • Deepak_kumar
      Copper Contributor

      Thx @Hannes_LG,

      but in my scenario we already have an existing infra with multiple basic internal load balancers.

      If we go with global VNet peering, then we will have to upgrade all basic internal load balancers to the standard SKU, because with global VNet peering we can't access the frontend IP of a basic-SKU internal load balancer in the peered region.

      https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#what-are-the-constraints-related-to-global-vnet-peering-and-load-balancers

      That's why I'm searching for another way.

      • Hannes_LG
        Brass Contributor
        Hi,

        okay, that's bad. Is it possible to share your route table?
        Binding a UDR with 0.0.0.0/0 to an Azure gateway subnet isn't supported.

        Original article (https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview):

        If your virtual network is connected to an Azure VPN gateway, do not associate a route table to the gateway subnet that includes a route with a destination of 0.0.0.0/0. Doing so can prevent the gateway from functioning properly. For details, see the Why are certain ports opened on my VPN gateway? question in the VPN Gateway FAQ.

        I guess you have to define each subnet at the UDR.

        Regards,
        Hannes
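The rule Hannes quotes is easy to check before a route table is associated. The following is an added example, not code from the thread: a small Python check over constructed route-table and association data modelled on the two UDRs in the question. It relies on the fact that Azure reserves the subnet name GatewaySubnet for the VPN gateway's subnet; the table names, the subnet paths and the firewall IP are constructed placeholders.

```python
import ipaddress

# Constructed route tables modelled on UDR1 and UDR2 from the question (not real exports).
ROUTE_TABLES = {
    "UDR1": [{"address_prefix": "0.0.0.0/0", "next_hop_type": "VirtualNetworkGateway"}],
    "UDR2": [{"address_prefix": "0.0.0.0/0", "next_hop_type": "VirtualAppliance",
              "next_hop_ip": "10.2.1.4"}],  # constructed firewall private IP
}

# Constructed subnet -> route table associations. Azure reserves the name
# "GatewaySubnet" for the VPN gateway's subnet, which is what the check keys on.
ASSOCIATIONS = {
    "vnetA/subnet1": "UDR1",
    "vnetB/GatewaySubnet": "UDR2",
}


def is_default_route(prefix):
    """True for a zero-length prefix (0.0.0.0/0 or ::/0), which matches all destinations."""
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def find_unsupported_gateway_routes(route_tables, associations):
    """Return (subnet, route_table, prefix) for every default route bound to a GatewaySubnet.

    The UDR overview says a route table holding a 0.0.0.0/0 route must not be
    associated with the gateway subnet, so each such pairing is one finding.
    """
    findings = []
    for subnet, table in associations.items():
        if subnet.rsplit("/", 1)[-1] != "GatewaySubnet":
            continue  # only the gateway subnet is subject to the restriction
        for route in route_tables.get(table, []):
            if is_default_route(route["address_prefix"]):
                findings.append((subnet, table, route["address_prefix"]))
    return findings


if __name__ == "__main__":
    for subnet, table, prefix in find_unsupported_gateway_routes(ROUTE_TABLES, ASSOCIATIONS):
        print(f"unsupported: {table} bound to {subnet} carries {prefix}; "
              "the VPN gateway may stop functioning")
```

On the constructed data only UDR2 is flagged: UDR1's default route is fine because it sits on a workload subnet, not the gateway subnet.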