Connecting a VNET with multiple VPN Gateways (one basic VPN GW and one VPN GW1)

Dears

I have set up a new Azure environment that needs to be connected to multiple sites (multiple offices and Amazon AWS). One of those offices uses a Sophos UTM9 router which doesn't support route based Virtual Network Gateway on Azure. So for that site, only policy based VPN connectivity is possible which equals a Basic Virtual Network Gateway on Azure.

The other sites do support Route Based VPN connectivity.

So at the moment I have three VNETs:

VNET one with a Gateway Subnet - Basic VPN connected to our office

VNET two with a Gateway Subnet - Route based (VPN GW1) connected to our Amazon AWS environment - which I will later on also use to connect to other offices that support Route Based connectivity

VNET three with an application 

I want to connect VNET three with VNET one and VNET two and have bidirectional traffic going so offices/sites connected to VNET one can access the application on VNET three and send traffic back also and so that offices/sites connected to VNET two can also access the same application on VNET three and send traffic back.

I don't see right now how I can achieve this.

Can someone confirm my thoughts here or tell me where I'm wrong and explain what options I have in the end?


This is what I think I have found so far:

VNET peering is only possible (with remote gateway / transit options) once between two VNETS - I cannot have VNET peering between VNET one and three and VNET two and three in that sense.

VNET-to-VNET connectivity is an issue because VNET one has a basic VPN Gateway which only allows one connection. I can also only have one Network Gateway defined within a VNET, where you can have only one Gateway Subnet, so this prevents using VNET-to-VNET connectivity between the different VNETs in the end.

If I use VNET peering to connect VNET one and VNET three which works fine, then I cannot set up VNET-to-VNET connectivity between VNET two and VNET three because of the VNET peering that exists on VNET three.

So I'm not sure how I should be overcoming this in terms of architecture / connectivity. I don't really want to go create Virtual Machines to get this connectivity going properly which might be an alternative I think to get this kind of configuration to work.

One option could be to replace our office VPN router and instead of using Sophos UTM9 go for a VPN router that allows IKEv2 and thus allows route based connectivity to Azure.

Best regards

Tom
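One way to build the hub-and-spoke part of this in Azure PowerShell (VNET two as the hub holding the route-based VpnGw1 gateway, VNET three peered to it with gateway transit), added here as an example and not taken from the thread or from Microsoft's documentation. The resource group, VNet and gateway names are assumptions. The two up-front checks enforce the constraints the post runs into: the shared transit gateway must be route-based, and a VNet can use only one remote gateway through peering, so VNET one's Basic gateway cannot be a second transit gateway for VNET three.

```powershell
# Added example, not from the thread. Names below are assumptions.
$rg        = "rg-network"   # assumed resource group
$hubName   = "vnet-two"     # assumed name of VNET two (hub with the route-based gateway)
$spokeName = "vnet-three"   # assumed name of VNET three (application spoke)
$gwName    = "vgw-two"      # assumed name of the VpnGw1 gateway in VNET two

# 1. The shared gateway has to be route-based; a PolicyBased/Basic gateway
#    is not the one to expose to other VNets through transit.
$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg
if ($gw.VpnType -ne "RouteBased") {
    throw "Gateway $gwName is $($gw.VpnType); only a route-based gateway should be the shared transit gateway."
}
Write-Host "Hub gateway SKU: $($gw.Sku.Name), VpnType: $($gw.VpnType)"

# 2. A VNet may have UseRemoteGateways on at most one peering.
#    Refuse to continue if the spoke already points at another gateway.
$existing = Get-AzVirtualNetworkPeering -VirtualNetworkName $spokeName -ResourceGroupName $rg |
    Where-Object { $_.UseRemoteGateways }
if ($existing) {
    throw "$spokeName already uses a remote gateway via peering '$($existing.Name)'; a second UseRemoteGateways peering is not allowed."
}

$hub   = Get-AzVirtualNetwork -Name $hubName   -ResourceGroupName $rg
$spoke = Get-AzVirtualNetwork -Name $spokeName -ResourceGroupName $rg

# 3. Hub side first: offer the hub's gateway to the spoke.
#    AllowForwardedTraffic lets traffic the peer forwards from outside its own
#    address space (e.g. an NVA) cross the peering; it is commonly set in hub-spoke.
Add-AzVirtualNetworkPeering -Name "$hubName-to-$spokeName" -VirtualNetwork $hub `
    -RemoteVirtualNetworkId $spoke.Id -AllowGatewayTransit -AllowForwardedTraffic

# 4. Spoke side: consume the hub's gateway. This must be created after the hub
#    peering above, because UseRemoteGateways requires AllowGatewayTransit on the other side.
Add-AzVirtualNetworkPeering -Name "$spokeName-to-$hubName" -VirtualNetwork $spoke `
    -RemoteVirtualNetworkId $hub.Id -UseRemoteGateways -AllowForwardedTraffic

# 5. Verify: both peerings should report PeeringState = Connected,
#    with AllowGatewayTransit on the hub side and UseRemoteGateways on the spoke side.
foreach ($vnet in @($hubName, $spokeName)) {
    Get-AzVirtualNetworkPeering -VirtualNetworkName $vnet -ResourceGroupName $rg |
        Select-Object Name, PeeringState, AllowGatewayTransit, UseRemoteGateways
}
```

With this in place, the sites terminated on the route-based gateway in VNET two reach the application in VNET three through the hub, and the return path follows the same peering. The office behind the policy-based Sophos tunnel still has to reach VNET three some other way, because the second UseRemoteGateways peering the check rejects is exactly the configuration Azure does not permit.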

2 Replies
Worked around it by creating a policy based VPN tunnel to Amazon AWS and using a transit gateway to connect through to Azure since this connection is for maintenance/support purposes. Latency is acceptable so far so I'll stick to this solution for the time being. On Azure I've got VPNs connected on a GWvpn1 type gateway.

@Tom_Cenens Route-based VPN is the way to go for these connectivity requirements.