Forum Discussion
hrtendrup
Mar 16, 2022 | Copper Contributor
IP overlap restriction for S2S VPN - really?
Hello,
I'm new to Azure, so I'm sure I'm missing the reason for this restriction, but thus far, I have not found a good description of why it exists.
I'm trying to spin up a VPN connection between my traditional/on-prem network and an Azure deployment. I've allocated a largeish range from 1918 10/8 space to break up for Azure subnets. Then, it seems perfectly reasonable to set 10.0.0.0/8 as one of the networks configured on the local network gateway. Multiple posts have indicated that this condition cannot exist, but I'm very much struggling to see why. Why shouldn't Azure perform longest match routing?
Thanks for any high-level smacks-upside-the-head to set me straight.
H
1 Reply
- lukemurraynz (Learn Expert): You can't have overlapping IP ranges out of the box without using a third-party Network Virtual Appliance that uses an Extended Network with a bidirectional VXLAN tunnel; otherwise Azure doesn't know how to route the traffic.
It is recommended to have a completely different address space and re-IP workloads as appropriate.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
Take a look at the Azure Virtual Network Capacity Planner - may be of interest as you plan: https://vnetplanner.chunliu.me
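
Added example, not part of either post above: a local pre-check, using only Python's standard `ipaddress` module, that reports overlap between a VNet address space and local network gateway prefixes, and carves the VNet range out of the on-prem supernet so the remaining prefixes can be listed instead. The VNet range `10.200.0.0/16` is a constructed sample value, and the function names are hypothetical.

```python
import ipaddress


def find_overlaps(vnet_prefixes, lng_prefixes):
    """Return (vnet, lng) pairs of CIDR strings whose ranges overlap."""
    hits = []
    for v in vnet_prefixes:
        for l in lng_prefixes:
            if ipaddress.ip_network(v).overlaps(ipaddress.ip_network(l)):
                hits.append((v, l))
    return hits


def carve_out(supernet, vnet_prefixes):
    """Return the supernet minus the VNet prefixes as sorted CIDR strings.

    Two CIDR blocks are either nested or disjoint, so each remaining block
    is split around the VNet prefix, dropped if the VNet prefix covers it,
    or kept unchanged.
    """
    remaining = [ipaddress.ip_network(supernet)]
    for vnet in map(ipaddress.ip_network, vnet_prefixes):
        kept = []
        for block in remaining:
            if vnet.subnet_of(block):
                # Yields the blocks of `block` that do not contain `vnet`.
                kept.extend(block.address_exclude(vnet))
            elif not block.subnet_of(vnet):
                kept.append(block)
        remaining = kept
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    VNET = ["10.200.0.0/16"]   # constructed sample VNet address space
    ONPREM = "10.0.0.0/8"      # the supernet from the question

    print("overlaps:", find_overlaps(VNET, [ONPREM]))
    print("non-overlapping prefixes for the on-prem side:")
    for prefix in carve_out(ONPREM, VNET):
        print("  " + prefix)
```
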