marky79
Copper Contributor
Nov 02, 2020
Solved

VPN connection to a peered VNET

Hi

 

I'm having a bit of an issue connecting to my servers after authenticating through a P2S VPN and was wondering if anyone had a solution.

 

My environment is as follows:

 

2x Azure servers in a VNET connected to my on-premise network using a S2S VPN. This part is all working fine.

 

I've created a new VNET and made a new P2S VPN using AD authentication. I've enabled peering between the networks and that bit seems to be OK. When I connect to my P2S VPN I cannot access either the 2x Azure servers or any of my resources on-prem. Any help will be gratefully received.

 

Thanks

  • IrishTechie
    Brass Contributor
    Hi Marky79,

    How are you?

    Have you considered having your P2S connect to the same VPN Gateway as your S2S?

    If you are wanting to hit resources on the other end of a peering and a S2S VPN you will need to set “Allow Gateway Transit” on the VPN Gateway VNET side and “Use Remote Gateway” on the non-VPN Gateway side. These settings are within your VNET peering setup.

    I’d have to mock up your environment to test routing with the two VPN gateways in different VNETs.

    If the first tips don’t help you, I’ll build a mock up later tonight to test for you.

    Let me know.

    Karl
    • marky79
      Copper Contributor
      Hi Karl

      That was my first thought but it's not currently an option as whoever set this up originally created the S2S as a policy-based VPN. If I can't get it working I may have to delete the existing connection if that will allow me to have the S2S and P2S using the same gateway. That would be a lot simpler but isn't something I've done before.

      I'll have a look at the other gateway settings today.

      Mark
      • IrishTechie
        Brass Contributor

        marky79 

         

        Hi Mark,

         

        Yeah, if you recreate as route-based you'll be able to add S2S and P2S. 

         

        Let me know how you get on with those options. I will try to get time this evening to mock it up to make sure the standard routing works or whether we might need to make some changes.

         

        Have a good day!

         

        Karl
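
The peering settings mentioned in the thread ("Allow Gateway Transit" on the gateway VNET side, "Use Remote Gateway" on the other side) can be checked from the peering objects themselves. The following is an added example, not code from any poster in the thread; the peering names and sample JSON are constructed, shaped like the output of `az network vnet peering show`.

```python
import json

# Constructed sample data (hypothetical peering names), in the shape returned
# by `az network vnet peering show`. Both sides still have the default flags.
GATEWAY_SIDE = json.loads("""{
  "name": "gwvnet-to-p2svnet", "peeringState": "Connected",
  "allowVirtualNetworkAccess": true, "allowForwardedTraffic": false,
  "allowGatewayTransit": false, "useRemoteGateways": false
}""")
REMOTE_SIDE = json.loads("""{
  "name": "p2svnet-to-gwvnet", "peeringState": "Connected",
  "allowVirtualNetworkAccess": true, "allowForwardedTraffic": false,
  "allowGatewayTransit": false, "useRemoteGateways": false
}""")


def check_gateway_transit(gateway_side, remote_side, remote_has_own_gateway=False):
    """Return the reasons the remote VNet cannot route through the peer's VPN gateway."""
    problems = []
    for side in (gateway_side, remote_side):
        if side.get("peeringState") != "Connected":
            problems.append(f"{side['name']}: peeringState is {side.get('peeringState')}")
        if not side.get("allowVirtualNetworkAccess"):
            problems.append(f"{side['name']}: allowVirtualNetworkAccess is off")
    # "Allow Gateway Transit" belongs on the VNet that owns the VPN gateway.
    if not gateway_side.get("allowGatewayTransit"):
        problems.append(f"{gateway_side['name']}: allowGatewayTransit is off")
    # "Use Remote Gateway" belongs on the VNet without a gateway.
    if not remote_side.get("useRemoteGateways"):
        problems.append(f"{remote_side['name']}: useRemoteGateways is off")
    # Azure does not allow useRemoteGateways on a VNet that already has its
    # own gateway, so two gateways in two peered VNets cannot use this setup.
    if remote_has_own_gateway:
        problems.append(f"{remote_side['name']}: VNet has its own gateway, "
                        "useRemoteGateways cannot be enabled")
    return problems


if __name__ == "__main__":
    for line in check_gateway_transit(GATEWAY_SIDE, REMOTE_SIDE):
        print("FAIL", line)
```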
