Apr 20 2022 06:06 AM - edited Apr 27 2022 08:15 AM
Hello Community,
I have this architecture: hub and spoke with forced tunneling applied.
I need your proposition for the route tables and the routes for every part.
Thanks
Apr 26 2022 12:16 AM
Solution
Hi, ensure that you have the proper peering enabled:
hub-to-spoke A: with gateway transit
spoke A-to-hub: Default + Use this virtual network's gateway or Route Server
hub-to-spoke B: with gateway transit
spoke B-to-hub: Default + Use this virtual network's gateway or Route Server
If you want the incoming traffic (from the gateway) to be filtered by the firewall, attach a route table to the gateway subnet with the routes:
Address Prefix: 10.1.0.0/16 | Next Hop Type: Virtual Appliance | Next Hop IP address: Firewall private IP
Address Prefix: 10.2.0.0/16 | Next Hop Type: Virtual Appliance | Next Hop IP address: Firewall private IP
Ensure also that the proper routes are present in the spoke route tables.
Route table associated to the Spoke A subnet:
Address Prefix: 10.0.0.0/16 | Next Hop Type: Virtual Appliance | Next Hop IP address: Firewall private IP
Address Prefix: 10.1.0.0/16 | Next Hop Type: Virtual Appliance | Next Hop IP address: Firewall private IP
Address Prefix: 192.168.0.0/24 | Next Hop Type: Virtual Appliance | Next Hop IP address: Firewall private IP
Address Prefix: 0.0.0.0/0 | Next Hop Type: Virtual Network Gateway (forced tunneling)
Route table associated to the Spoke B subnet:
Address Prefix: 0.0.0.0/0 | Next Hop Type: Virtual Network Gateway (forced tunneling)
Address Prefix: 10.2.0.0/16 | Next Hop Type: Virtual Appliance | Next Hop IP address: Firewall private IP
Address Prefix: 192.168.0.0/24 | Next Hop Type: Virtual Appliance | Next Hop IP address: Firewall private IP
Read the full doc for forced tunneling if needed: https://docs.microsoft.com/fr-fr/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
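As an added example (not part of the answer above), the following script models the user-defined routes of the kind proposed in this thread and resolves the next hop Azure would select by longest-prefix match, so a missing spoke or hub route that would let private traffic fall through to the forced-tunnel default route (and so skip the hub firewall) can be caught before deployment. The address plan (hub 10.0.0.0/16, spoke A 10.1.0.0/16, spoke B 10.2.0.0/16, on-prem 192.168.0.0/24) and the firewall IP are assumed values; the thread lists the prefixes but not which VNet each belongs to.

```python
import ipaddress

# Assumed address plan (constructed for this example; not stated in the thread).
HUB, SPOKE_A, SPOKE_B = "10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"
ON_PREM = "192.168.0.0/24"
FIREWALL_IP = "10.0.1.4"  # constructed: firewall private IP in the hub


def route(prefix, hop_type, hop_ip=None):
    """One route entry: (network, next hop type, next hop IP or None)."""
    return (ipaddress.ip_network(prefix), hop_type, hop_ip)


# Spoke A subnet: hub, other spoke and on-prem via the firewall,
# default route forced to the VPN gateway (forced tunneling).
SPOKE_A_TABLE = [
    route(SPOKE_A, "VnetLocal"),  # Azure system route for the VNet itself
    route(HUB, "VirtualAppliance", FIREWALL_IP),
    route(SPOKE_B, "VirtualAppliance", FIREWALL_IP),
    route(ON_PREM, "VirtualAppliance", FIREWALL_IP),
    route("0.0.0.0/0", "VirtualNetworkGateway"),
]

# Gateway subnet: traffic arriving from on-prem toward a spoke is steered
# to the firewall instead of being delivered directly over the peering.
GATEWAY_SUBNET_TABLE = [
    route(SPOKE_A, "VirtualAppliance", FIREWALL_IP),
    route(SPOKE_B, "VirtualAppliance", FIREWALL_IP),
]


def resolve(table, dst):
    """Return (next_hop_type, next_hop_ip) for dst: the most specific
    matching prefix wins, as in an Azure effective route table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop_type, hop_ip in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop_type, hop_ip)
    return (best[1], best[2]) if best else (None, None)


def private_via_gateway(table, destinations):
    """Private destinations that fall through to the forced-tunnel default
    route: each one is a missing hub/spoke UDR, so that traffic would leave
    for on-prem instead of being inspected by the hub firewall."""
    return [d for d in destinations
            if ipaddress.ip_address(d).is_private
            and resolve(table, d)[0] == "VirtualNetworkGateway"]
```

Dropping the SPOKE_B entry from SPOKE_A_TABLE and calling private_via_gateway on a spoke B address shows the failure mode: the 0.0.0.0/0 route takes over and the traffic bypasses the firewall.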
Apr 26 2022 06:21 AM - edited Apr 26 2022 06:27 AM
Hello Ibrahima,
Thank you for your reply and assistance.
1 - Can you confirm that for the:
** Route table attached to the gateway subnet (disable_bgp_route_propagation = true)
** All route tables for the spokes (disable_bgp_route_propagation = false)
2 - You use the address space /16 and not the subnet /24 for every spoke in the routes? Just to confirm that.
Thanks