Forum Discussion
SvenMatzen
Mar 20, 2023 | Copper Contributor
Problem with Spoke > Hub > on-prem access
I am a little bit lost - maybe there is something in Azure that I am missing. I have a hub/spoke in Azure with on-prem connected via Azure Network Gateway and Site-2-Site tunnel: hub is 172.30.50.0/...
tommykneetz
Mar 05, 2024 | Iron Contributor
The route needs to be like this:
ONprem VM > onprem Gateway / FW / VPN > Tunnel to Azure > VPN Gateway > UDR with Route to your Spoke > pointing to your appliance > FW Rule > internal nic > peering to spoke > spoke VM
Route Tables on your HUB need "propagate routes" to be enabled
Route Tables on your spoke need that disabled
You can check all learned routes on your NIC. Check if your peering is active.
dennisbpraise
Mar 10, 2024 | Copper Contributor
That's it. Check all that, and you should be fine on Azure's end.
If you're still not able to reach the on-premises network from the spoke, then the on-premises guys need to check their traffic selectors, making sure that the spoke address space is whitelisted...
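The NIC check suggested in the replies, as an added example (not code from any poster in this thread): it picks the winning route for an on-prem address from a spoke NIC's effective routes and confirms the next hop is the firewall appliance. The record shape is assumed to follow the output of `az network nic show-effective-route-table`; the function names and all addresses are constructed for the example.

```python
import ipaddress

# Tie-break for equal prefix length: user-defined, then gateway-learned, then system.
SOURCE_RANK = {"User": 2, "VirtualNetworkGateway": 1, "Default": 0}

def winning_route(routes, dest):
    """Return (prefix, route) chosen for dest by longest prefix match, or None."""
    ip = ipaddress.ip_address(dest)
    best = None
    for r in routes:
        if r.get("state") != "Active":  # overridden routes are listed as Invalid
            continue
        for prefix in r["addressPrefix"]:
            net = ipaddress.ip_network(prefix)
            key = (net.prefixlen, SOURCE_RANK.get(r["source"], -1))
            if ip in net and (best is None or key > best[0]):
                best = (key, prefix, r)
    return None if best is None else (best[1], best[2])

def via_appliance(routes, dest, appliance_ip):
    """Return (ok, detail): ok is True only if dest is forwarded to the appliance."""
    hit = winning_route(routes, dest)
    if hit is None:
        return False, "no active route"
    prefix, r = hit
    ok = r["nextHopType"] == "VirtualAppliance" and appliance_ip in r["nextHopIpAddress"]
    return ok, f"{prefix} -> {r['nextHopType']} ({r['source']})"

def route(source, prefix, hop_type, hop_ip=None, state="Active"):
    """Build one constructed entry in the assumed effective-route shape."""
    return {"source": source, "state": state, "addressPrefix": [prefix],
            "nextHopType": hop_type, "nextHopIpAddress": [hop_ip] if hop_ip else []}

# Constructed sample data; every address below is made up for the example.
APPLIANCE = "10.10.1.4"      # internal NIC of the firewall appliance in the hub
ONPREM_HOST = "192.168.10.20"
SPOKE_PROPAGATION_OFF = [
    route("Default", "10.20.0.0/16", "VnetLocal"),
    route("Default", "10.10.0.0/16", "VNetPeering"),
    route("User", "192.168.0.0/16", "VirtualAppliance", APPLIANCE),
]
# Same NIC with gateway route propagation left on: a more specific learned prefix.
SPOKE_PROPAGATION_ON = SPOKE_PROPAGATION_OFF + [
    route("VirtualNetworkGateway", "192.168.10.0/24", "VirtualNetworkGateway", "10.10.0.4"),
]

if __name__ == "__main__":
    for name, table in (("off", SPOKE_PROPAGATION_OFF), ("on", SPOKE_PROPAGATION_ON)):
        print(name, via_appliance(table, ONPREM_HOST, APPLIANCE))
```

The second table shows the failure mode behind disabling propagation on the spoke: a more specific gateway-learned prefix beats the broader user-defined route, so the traffic skips the firewall appliance.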