Apr 16 2021 09:06 AM
Greetings. According to this article and several others I've read on connecting Azure to AWS resources, a Local Network Gateway is required to be provisioned and configured along with an Azure VPN Gateway on the Azure side. My question is, why is this the case? I don't need to have a Local Network Gateway for any other S2S tunnels I've provisioned to on-prem locations, so why is this needed for connectivity to AWS? Is it because of some compatibility issues between Azure and Amazon VPN gateways, or is it due to something else? I'd just like to understand why.
Thanks in advance for any light that can be shed!
Brian
Apr 19 2021 10:57 PM
Apr 20 2021 04:40 AM
Apr 22 2021 03:10 AM
Apr 22 2021 04:35 AM
Apr 23 2021 02:19 AM
Hi Brian.
I am sorry, but you do need to define a Local Network Gateway in Azure to create an S2S VPN. Otherwise the S2S VPN connection doesn't know which host to connect to. If you have S2S VPN connections, you've got to have defined LNGs.
If you use P2S (point to site) VPN, you're right, then you don't need to define a Local Network Gateway.
I have attached a screenshot of an S2S connection definition between an Azure subscription and my home office. In the image you'll see a marking box showing the LNG definition; please disregard that the connection is not established. I suggest you have a look at your own subscription and post an image if you still don't see it.
Apr 23 2021 04:37 AM
Apr 23 2021 08:30 AM - edited Apr 23 2021 08:33 AM
Solution
Hi @KennethML and @ibnmbodji. Thanks for your continued discourse on this. After reviewing your image and comparing with my setup, I think I left out an important detail. My Azure VPN Gateway is based on a "classic" Service Model based-VNET, rather than ARM-based. Per this article, in the classic deployment model, the LNG is called a "Local Site" and so the portal interface is different than what you see. So, I think that's my answer and that difference in terminology was what was throwing me off. Thanks again for your help in getting me to the answer!
Brian