Forum Discussion

wristein
Copper Contributor
May 28, 2022

ASAv on Azure

I need help creating a VPN from my Azure ASAv.

As it stands right now, the trace capture on my ASAv from my Azure VM to the remote site ASA private network says my Azure VMs aren't pushing traffic to the ASAv.

My question: when each Azure VM has a public IP, how can one then route the traffic through the ASAv?

Anyone that has deployed ASAv on Azure should please assist.

1 Reply

  • Try the following for routing VM traffic through the ASAv:

    1. Remove direct public IPs from the VMs
       - Keep only private IPs on your workload VMs.
       - This ensures they can't bypass the ASAv.
    2. Place the ASAv in a dedicated subnet
       - Typically called a "hub" or "DMZ" subnet.
       - The ASAv has one NIC facing the workload subnet(s) and another NIC facing the Internet/VPN gateway.
    3. Create a User Defined Route (UDR)
       - In the workload subnet, add a route:
         Destination: 0.0.0.0/0 (or the remote network CIDR if you only want VPN traffic)
         Next hop type: Virtual appliance
         Next hop IP: the ASAv's inside NIC private IP
       - Associate this route table with your VM subnet.
    4. Configure the ASAv
       - On the ASAv, configure the VPN tunnel to your remote ASA.
       - Ensure NAT and ACLs are set so that traffic from the VM subnet is encrypted and sent through the tunnel.

         ! Match VM-to-remote-site traffic for the tunnel; replace the placeholders with network/mask pairs
         access-list VPN-INTERESTING-TRAFFIC extended permit ip <VM-subnet> <Remote-subnet>
         crypto map OUTSIDE-MAP 10 match address VPN-INTERESTING-TRAFFIC
         crypto map OUTSIDE-MAP interface outside   ! nameif "outside" assumed

       - Apply the crypto map to the ASAv's outside interface.
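Added example, not part of the thread: a small Python model of Azure's effective-route selection (longest prefix wins; a user-defined route beats a system route on a tie). It shows why the VM traffic in the question never reaches the ASAv until the UDR from step 3 exists, and that a 0.0.0.0/0 UDR still leaves intra-VNet traffic on the VirtualNetwork system route. The addresses, the function names and the route tuples are all constructed for this illustration.

```python
"""Model Azure effective-route selection to check whether VM traffic hits the ASAv."""
from ipaddress import ip_address, ip_network

# Constructed topology (assumed values, not from the thread):
# VNet 10.0.0.0/16, ASAv inside NIC 10.0.1.4, remote ASA private network 192.168.50.0/24.
ASAV_INSIDE_IP = "10.0.1.4"
REMOTE_SITE = "192.168.50.0/24"

# Azure's default system routes for a VNet: (source, prefix, next hop type, next hop IP).
SYSTEM_ROUTES = [
    ("System", "10.0.0.0/16", "VirtualNetwork", None),
    ("System", "0.0.0.0/0", "Internet", None),
]

# The UDR from step 3 of the reply: default route to the ASAv inside NIC.
UDR_TO_ASAV = ("User", "0.0.0.0/0", "VirtualAppliance", ASAV_INSIDE_IP)
# Narrower alternative: only remote-site traffic is steered through the ASAv.
UDR_REMOTE_ONLY = ("User", REMOTE_SITE, "VirtualAppliance", ASAV_INSIDE_IP)


def effective_route(dst, routes):
    """Return the winning route for dst: longest prefix; on a tie, User beats System."""
    addr = ip_address(dst)
    matches = [r for r in routes if addr in ip_network(r[1])]
    return max(matches, key=lambda r: (ip_network(r[1]).prefixlen, r[0] == "User"))


def next_hop_for(dst, udr=None):
    """Next hop (type, ip) for dst given the system routes plus an optional UDR."""
    routes = SYSTEM_ROUTES + ([udr] if udr else [])
    _, _, hop_type, hop_ip = effective_route(dst, routes)
    return hop_type, hop_ip


if __name__ == "__main__":
    dst = "192.168.50.10"  # a host on the remote ASA's private network
    print("no UDR:     ", next_hop_for(dst))                   # Internet: bypasses the ASAv
    print("0/0 UDR:    ", next_hop_for(dst, UDR_TO_ASAV))      # VirtualAppliance 10.0.1.4
    print("remote UDR: ", next_hop_for(dst, UDR_REMOTE_ONLY))  # VirtualAppliance 10.0.1.4
    print("intra-VNet: ", next_hop_for("10.0.3.5", UDR_TO_ASAV))  # VirtualNetwork (/16 wins)
```

The first case is the symptom in the question: with only system routes, a VM with a public IP sends remote-site traffic straight out via Internet, so the ASAv capture never sees it.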
