Forum Discussion
ASAv on Azure
Try the following to route VM traffic through the ASAv:
1. Remove direct public IPs from the VMs
   - Keep only private IPs on your workload VMs.
   - This ensures they can’t bypass the ASAv.
2. Place the ASAv in a dedicated subnet
   - Typically called a “hub” or “DMZ” subnet.
   - The ASAv has one NIC facing the workload subnet(s) and another NIC facing the Internet/VPN gateway.
3. Create a User Defined Route (UDR)
   - In the workload subnet, add a route:
       Destination: 0.0.0.0/0 (or the remote network CIDR if you only want VPN traffic)
       Next hop type: Virtual appliance
       Next hop IP: the ASAv’s inside NIC private IP
   - Associate this route table with your VM subnet.
4. Configure the ASAv
   - On the ASAv, configure the VPN tunnel to your remote ASA.
   - Ensure NAT and ACLs are set so that traffic from the VM subnet is encrypted and sent through the tunnel:
       access-list VPN-INTERESTING-TRAFFIC extended permit ip <VM-subnet> <VM-mask> <Remote-subnet> <Remote-mask>
       crypto map OUTSIDE-MAP 10 match address VPN-INTERESTING-TRAFFIC
   - Apply the crypto map to the ASAv’s outside interface.
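A fuller ASAv configuration for step 4, added here as an example rather than taken from the thread. All addresses are assumed: ASAv inside NIC in 10.0.2.0/24 (Azure gateway 10.0.2.1), outside NIC in 10.0.1.0/24 (gateway 10.0.1.1), workload VM subnet 10.0.3.0/24, remote site 192.168.10.0/24, and the remote ASA peer 203.0.113.10 and pre-shared key are placeholders.

```cisco
! Added example (not the poster's config). Assumed addressing; see lead-in.
! Azure side, not shown here: enable IP forwarding on both ASAv NICs
! (az network nic update --ip-forwarding true) or Azure drops forwarded packets.
object network VM-NET
 subnet 10.0.3.0 255.255.255.0
object network REMOTE-NET
 subnet 192.168.10.0 255.255.255.0
!
! The UDR delivers VM traffic to the inside NIC; return traffic for the VM
! subnet goes back via the Azure subnet gateway (.1), Internet via outside.
route inside 10.0.3.0 255.255.255.0 10.0.2.1 1
route outside 0.0.0.0 0.0.0.0 10.0.1.1 1
!
! Identity (NAT-exempt) rule so VM-to-remote traffic keeps private addresses
! and matches the crypto ACL. Manual NAT is evaluated before object NAT.
nat (inside,outside) source static VM-NET VM-NET destination static REMOTE-NET REMOTE-NET no-proxy-arp route-lookup
! Anything else from the VM subnet (0.0.0.0/0 UDR) is PATed to the outside NIC.
object network VM-NET
 nat (inside,outside) dynamic interface
!
access-list VPN-INTERESTING-TRAFFIC extended permit ip object VM-NET object REMOTE-NET
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! Azure maps the outside NIC's public IP 1:1 to its private address, so the
! remote ASA peers with the public IP and the tunnel runs over NAT-T.
crypto map OUTSIDE-MAP 10 match address VPN-INTERESTING-TRAFFIC
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE-MAP interface outside
crypto ikev2 enable outside
!
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <REPLACE-WITH-PSK>
 ikev2 local-authentication pre-shared-key <REPLACE-WITH-PSK>
```

Verify with `show crypto ikev2 sa` and `show crypto ipsec sa` that the SA comes up and the encap/decap counters increase when a VM pings the remote subnet; if the counters stay at zero, check the UDR association and the NIC IP-forwarding setting first.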