Forum Discussion

sivaraj86
Copper Contributor
Mar 11, 2021

Multiple VNets to on-premises connection using site-to-site VPN

Dear Friends,

Could anyone help to configure multiple VNets to on-premises N/W connection using site-to-site VPN?

I tried in my home lab with RRAS, but I can connect one VNet and cannot reach the other VNets.

What are the steps I need to follow to connect the other VNets from the RRAS-connected infra?

Thanks

Sivarajan

2 Replies

  • ibnmbodji
    Iron Contributor

    sivaraj86

    Hi

    If you have successfully configured your VPN,

    you need to add some routing and security configurations. For that you will need a Network Virtual Appliance like a Next Gen Firewall (Fortinet, Palo Alto, Checkpoint ...) or use Azure Firewall.

    I'm assuming you have a Hub and Spoke topology.

    So in the Hub you may have:

    • Allow traffic to remote virtual network (default)
    • Allow traffic forwarded from remote virtual network (default)
    • Use this virtual network's gateway or Route Server (defaults to none)

    In Spoke:

    • Allow traffic to remote virtual network (default)
    • Allow traffic forwarded from remote virtual network (default)
    • Use the remote virtual network's gateway or Route Server (defaults to none)

    For every spoke you should:

    • Create and configure in a route table a user defined route to send traffic 0.0.0.0/0 to the private IP of your Firewall (Next Hop Virtual Appliance)

    In Hub you need to:

    • create a route to each spoke with the same next hop (Firewall)

    Then create Firewall rules to allow or deny traffic from one VNet to another.

    For the subnet traffic, rely on network security groups / application security groups attached to subnets instead of NICs.

    Avoid overlapping address spaces.
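The steps in the reply above (peering with gateway transit, a default UDR in each spoke, per-spoke routes on the hub's GatewaySubnet) as an added Azure PowerShell (Az module) example; this is not code from the thread, and the resource group, location, VNet and subnet names, firewall private IP and spoke address space are assumptions for one spoke.

```powershell
# Added example, not from the original thread. Assumes an existing resource group with a hub VNet
# (VPN gateway in 'GatewaySubnet', firewall/NVA at $fwIp) and one spoke VNet; names below are assumptions.
$rg        = 'rg-hubspoke'
$location  = 'westeurope'
$fwIp      = '10.0.1.4'        # private IP of the NVA / Azure Firewall in the hub
$spokeCidr = '10.1.0.0/16'     # spoke address space; must not overlap hub or on-premises ranges

$hub   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-hub'
$spoke = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-spoke1'

# 1. Spoke route table: 0.0.0.0/0 to the firewall. BGP route propagation is disabled so
#    on-premises prefixes learned over the VPN cannot bypass the firewall inside the spoke.
$spokeRt = New-AzRouteTable -ResourceGroupName $rg -Location $location -Name 'rt-spoke1' `
    -DisableBgpRoutePropagation
Add-AzRouteConfig -RouteTable $spokeRt -Name 'default-via-fw' -AddressPrefix '0.0.0.0/0' `
    -NextHopType VirtualAppliance -NextHopIpAddress $fwIp | Set-AzRouteTable | Out-Null
$workload = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $spoke -Name 'snet-workload'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $spoke -Name 'snet-workload' `
    -AddressPrefix $workload.AddressPrefix -RouteTable $spokeRt | Set-AzVirtualNetwork | Out-Null

# 2. Hub GatewaySubnet route table: one route per spoke prefix with the firewall as next hop,
#    so traffic arriving from on-premises is inspected before it reaches the spoke.
#    (A 0.0.0.0/0 route is not allowed on the GatewaySubnet, hence per-spoke prefixes.)
$gwRt = New-AzRouteTable -ResourceGroupName $rg -Location $location -Name 'rt-gatewaysubnet'
Add-AzRouteConfig -RouteTable $gwRt -Name 'spoke1-via-fw' -AddressPrefix $spokeCidr `
    -NextHopType VirtualAppliance -NextHopIpAddress $fwIp | Set-AzRouteTable | Out-Null
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $hub -Name 'GatewaySubnet'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $hub -Name 'GatewaySubnet' `
    -AddressPrefix $gwSubnet.AddressPrefix -RouteTable $gwRt | Set-AzVirtualNetwork | Out-Null

# Re-read both VNets so the peering calls work on current objects.
$hub   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-hub'
$spoke = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-spoke1'

# 3. Hub -> spoke peering: "Use this virtual network's gateway" plus forwarded traffic allowed.
Add-AzVirtualNetworkPeering -Name 'hub-to-spoke1' -VirtualNetwork $hub `
    -RemoteVirtualNetworkId $spoke.Id -AllowForwardedTraffic -AllowGatewayTransit | Out-Null

# 4. Spoke -> hub peering: "Use the remote virtual network's gateway" plus forwarded traffic allowed.
Add-AzVirtualNetworkPeering -Name 'spoke1-to-hub' -VirtualNetwork $spoke `
    -RemoteVirtualNetworkId $hub.Id -AllowForwardedTraffic -UseRemoteGateways | Out-Null
```

Repeat steps 1, 3 and 4 for each additional spoke and add its prefix to the GatewaySubnet route table in step 2; the firewall still needs explicit rules before spoke-to-spoke or spoke-to-on-premises traffic will pass.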
