Forum Discussion

nitrox2000
Copper Contributor
Mar 13, 2026

Azure VM Persistent Route Setup

Hi

I hope to get some advice on a routing issue from Azure to an on-premises system.

A little background first, please bear with me:

We have an on-premises VM that connects to an isolated Thirdparty network via an On-Prem Cisco ASA FW specifically for this purpose.

-------------------------------------------------------------------------------

OnPrem VM's IP: 10.100.10.23/24 

OnPrem dedicated FW - Local Inside Interface IP: 10.100.10.190

--------------------------------------------------------------------------------

OnPrem dedicated FW - 3rdParty Interface IP: 10.110.255.137

Thirdparty router IP: 10.110.255.138 - This routes to additional devices on 10.10.227.10 and 20.10.227.10.

--------------------------------------------------------------------------------

There are static routes configured for 3rd party FW interface using:

3rdParty Interface - 10.10.227.10 255.255.255.255 - 10.110.255.138 (Gateway IP)

3rdParty Interface - 20.10.227.10 255.255.255.255 - 10.110.255.138 (Gateway IP)

--------------------------------------------------------------------------------

The on-premises VM (10.100.10.23) has persistent routes added to allow connectivity:

Network Address          Netmask               Gateway Address     Metric

10.10.227.10                255.255.255.255       10.100.10.190            1

20.10.227.10                255.255.255.255       10.100.10.190            1

10.110.255.136            255.255.255.252       10.100.10.190            1

---------------------------------------------------------------------------------

The above works fine on-prem but I now need to migrate the On-Prem VM service into Azure.

Azure Side

I have created a test Azure VM with a static IP in an isolated subnet (no other devices using it) in the Production subscription of our LZ (Hub and Spoke topology).

We have a site-to-site VPN connected to our on-premises FW using a VPN Gateway configured in the Connectivity subscription of our LZ (as expected).

We have defined subnets for on-premises address spaces in the Local Network Gateway:

10.100.10.0/24, 10.100.11.0/24, 10.100.13.0/24, 10.100.14.0/24 (Local Subnets) and 172.16.50.0 (VPN client Subnet)

---------------------------------------------------------------------------------------

Main Problem that I'm requesting advice for:

When I add the defined persistent routes on the Azure VM (IP address: 10.150.1.10/24) as is on the On-Prem VM:

Network Address          Netmask               Gateway Address     Metric

10.10.227.10                255.255.255.255       10.100.10.190            1

20.10.227.10                255.255.255.255       10.100.10.190            1

10.110.255.136            255.255.255.252       10.100.10.190            1

I'm unable to ping the 10.10.227.10 and 20.10.227.10 addresses, even though the routes have been added by the 3rd party on their network side.

All Network Objects, static routes, groups and rules are duplicated on the ASA FW for the Azure VM as is for the On-Prem VM, and I can access/ping the ASA FW inside interface no problem.

Is there a specific way I need to route the persistent routes from Azure side, have I missed something in the configuration above to get the connectivity I require?

Please, all advice is welcome!

Thank you

Nitrox
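
A quick check of the addresses quoted in the post, as an added example that is not part of the original post: for each persistent route it reports whether the gateway lies in the VM's own subnet and whether the destination falls inside any Local Network Gateway prefix listed above. The function and field names are made up for this example, and 172.16.50.0 is left out because the post gives no prefix length for it.

```python
import ipaddress

# Values copied from the post.
ONPREM_VM = ipaddress.ip_interface("10.100.10.23/24")
AZURE_VM = ipaddress.ip_interface("10.150.1.10/24")
ROUTES = [  # (destination, netmask, gateway)
    ("10.10.227.10", "255.255.255.255", "10.100.10.190"),
    ("20.10.227.10", "255.255.255.255", "10.100.10.190"),
    ("10.110.255.136", "255.255.255.252", "10.100.10.190"),
]
# Local Network Gateway prefixes from the post (172.16.50.0 omitted:
# no prefix length is stated for it).
LNG_PREFIXES = [ipaddress.ip_network(p) for p in (
    "10.100.10.0/24", "10.100.11.0/24", "10.100.13.0/24", "10.100.14.0/24")]


def check_routes(vm, routes, tunnel_prefixes):
    """Return one finding dict per route for the given VM interface."""
    findings = []
    for dest, mask, gw in routes:
        dest_net = ipaddress.ip_network(f"{dest}/{mask}")
        gateway = ipaddress.ip_address(gw)
        findings.append({
            "destination": str(dest_net),
            # A host can only hand packets to a next hop that sits in a
            # subnet it is directly attached to.
            "gateway_on_link": gateway in vm.network,
            # Is the destination inside any prefix defined for the tunnel?
            "covered_by_tunnel": any(dest_net.subnet_of(p)
                                     for p in tunnel_prefixes),
        })
    return findings


def report(name, vm):
    """Print the findings for one VM as a small table."""
    print(f"{name} ({vm})")
    for f in check_routes(vm, ROUTES, LNG_PREFIXES):
        print(f"  {f['destination']:<20} "
              f"gateway on-link: {f['gateway_on_link']!s:<6}"
              f"in LNG prefixes: {f['covered_by_tunnel']}")


if __name__ == "__main__":
    report("On-prem VM", ONPREM_VM)
    report("Azure VM", AZURE_VM)
```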

 
