Forum Discussion
sivaraj86
Mar 11, 2021 | Copper Contributor
Multiple VNets to On-Premises Connection using Site-to-Site VPN
Dear Friends, could anyone help to configure the multiple VNets to on-premises N/W connection using the site-to-site VPN? I tried in my home lab with RRAS, but I can connect one VNet but cannot ...
ibnmbodji
Mar 21, 2021 | Iron Contributor
Hi,
If you have successfully configured your VPN, you need to add some routing and security configurations. For that you will need a Network Virtual Appliance like a Next Gen Firewall (Fortinet, Palo Alto, Checkpoint ...) or use Azure Firewall.
I'm assuming you have a Hub and Spoke topology.
So in the Hub you may have:
- Allow Traffic to remote virtual network (default)
- Allow Traffic forwarded from remote virtual network (default)
- Use this virtual network's gateway or Route Server (default to none)
In Spoke:
- Allow Traffic to remote virtual network (default)
- Allow Traffic forwarded from remote virtual network (default)
- Use the remote virtual network's gateway or Route Server (default to none)
For every spoke you should:
- Create and configure in a route table a user-defined route to send traffic 0.0.0.0/0 to the private IP of your Firewall (Next Hop Virtual Appliance)
In the Hub you need to:
- Create a route to each spoke with the same next hop (Firewall)
Then create Firewall rules to allow or deny traffic from one VNet to another.
For the subnet traffic, rely on network security groups / application security groups attached to subnets instead of NICs.
Avoid overlapping addresses.
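
The address-overlap check and the route layout from the answer above can be validated offline before any Azure change. This is an added example, not part of the original post and not Microsoft's code. The network names, prefixes and firewall IP are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed sample address plan (hypothetical names and prefixes).
PLAN = {
    "onprem": "192.168.0.0/16",
    "hub": "10.0.0.0/16",
    "spoke1": "10.1.0.0/16",
    "spoke2": "10.2.0.0/16",
}
FIREWALL_IP = "10.0.1.4"  # assumed private IP of the firewall/NVA in the hub


def find_overlaps(plan):
    """Return sorted pairs of network names whose prefixes overlap."""
    nets = {name: ip_network(cidr) for name, cidr in plan.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def build_routes(plan, firewall_ip, hub="hub", onprem="onprem"):
    """Build the user-defined routes the answer describes.

    Each spoke gets 0.0.0.0/0 -> firewall; the hub gets one route per
    spoke prefix -> firewall. Refuses to build on an invalid plan.
    """
    overlaps = find_overlaps(plan)
    if overlaps:
        raise ValueError(f"overlapping address spaces: {overlaps}")
    if ip_address(firewall_ip) not in ip_network(plan[hub]):
        raise ValueError("firewall IP is not inside the hub address space")
    spokes = [n for n in sorted(plan) if n not in (hub, onprem)]
    hop = {"next_hop_type": "VirtualAppliance", "next_hop_ip": firewall_ip}
    tables = {s: [{"prefix": "0.0.0.0/0", **hop}] for s in spokes}
    tables[hub] = [{"prefix": plan[s], **hop} for s in spokes]
    return tables


if __name__ == "__main__":
    for table, routes in build_routes(PLAN, FIREWALL_IP).items():
        for r in routes:
            print(f"{table}: {r['prefix']} -> {r['next_hop_type']} {r['next_hop_ip']}")
```

A plan that fails `find_overlaps` should be renumbered before peering or VPN configuration, since the routes built here assume every prefix is unique.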