Forum Discussion
Curtis_Hoyt
Nov 04, 2022
Copper Contributor
Azure Secure Virtual Hub VNET-Branch Routing
Hey, I'm trying to get connectivity going from our VNET to Branch over the S2S VPN I've set up. From what I can tell, when doing a tracert to a branch private IP address, it seems to stop at the Azure Firewall IP address. I've even created an any/any rule on the firewall policy, but no go so far.
Is there something that I'm missing? Here is my topology:
Secure Virtual Hub
1x VNET Spoke
1x VPN Site
Both associated to the default route table which has a route for 0.0.0.0/0 next hop firewall
Both Propagating to the None route table.
I have created a DNAT rule to allow RDP, which I'm assuming is how I'm getting into the virtual machine via RDP, but once I'm in I cannot route to anything back.
1 Reply
Would suggest this:
- Update Route Table Propagation:
  - Enable propagation from VPN Site to the default route table.
- Add Network Rule in Firewall Policy:
  - Allow traffic from VNET subnet to Branch subnet.
- Verify Branch Firewall/Router Rules:
  - Ensure it allows traffic from Azure Firewall’s SNAT IPs.
- Test with Logging:
  - Enable diagnostic logging on Azure Firewall to trace dropped packets.
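
Added example, not part of the original thread or either poster's code: a simplified Python model of the hub's default route table, comparing the topology as posted (both connections propagating to None) with the reply's first suggestion (VPN Site propagating to the default route table). It assumes longest-prefix-match route selection; the prefixes, connection names and helper functions are constructed for illustration.

```python
import ipaddress

FIREWALL = "AzureFirewall"

def build_default_table(propagations, learned):
    """Default route table: static 0.0.0.0/0 -> firewall, plus propagated prefixes.

    propagations: connection name -> set of route tables it propagates to
    learned:      connection name -> prefixes that connection advertises
    """
    table = {ipaddress.ip_network("0.0.0.0/0"): FIREWALL}
    for conn, tables in propagations.items():
        if "default" in tables:
            for prefix in learned[conn]:
                table[ipaddress.ip_network(prefix)] = conn
    return table

def next_hop(table, dest):
    """Longest-prefix match over the table (assumed selection rule)."""
    addr = ipaddress.ip_address(dest)
    best = max((n for n in table if addr in n), key=lambda n: n.prefixlen)
    return table[best]

# Constructed sample prefixes; the thread does not give the real ones.
LEARNED = {"vnet-spoke": ["10.10.0.0/16"], "vpn-site": ["192.168.50.0/24"]}

# Topology as posted: both connections propagate only to the None table.
AS_POSTED = {"vnet-spoke": {"none"}, "vpn-site": {"none"}}
# Reply's first step: VPN Site also propagates to the default table.
AS_SUGGESTED = {"vnet-spoke": {"none"}, "vpn-site": {"default"}}

def compare(dest="192.168.50.10"):
    """Next hop for a branch address before and after the propagation change."""
    before = next_hop(build_default_table(AS_POSTED, LEARNED), dest)
    after = next_hop(build_default_table(AS_SUGGESTED, LEARNED), dest)
    return before, after

if __name__ == "__main__":
    before, after = compare()
    print(f"branch traffic next hop, as posted:    {before}")
    print(f"branch traffic next hop, as suggested: {after}")
```

In this model the default route table as posted holds no branch prefix at all, so branch-bound traffic only ever matches 0.0.0.0/0 and lands on the firewall, which is where the tracert stops. Once the branch prefix is propagated it is more specific than 0.0.0.0/0, so the model sends that traffic to the VPN connection rather than the firewall.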