Jan 23 2022 06:43 AM
Hi There,
I wanted to set up an ExpressRoute gateway and a VPN gateway on my virtual network. I have a hub-and-spoke model, where I create one subnet, "GatewaySubnet", in the hub VNet. Can I create two virtual network gateways, one for ExpressRoute and another for S2S VPN to 3rd-party partners / supporting vendors / B2B and so on? Any reference link is much appreciated.
As far as I understand, generally a virtual network gateway would be used either for on-prem connectivity or for VPN as a fallback. But in this scenario:
ExpressRoute for ---> on-prem connectivity
VPN for ---> 3rd-party S2S VPN
Jan 24 2022 12:47 AM
Jan 26 2022 11:43 AM
Thanks for your response.
Basically we wanted to achieve what is shown below:
Without forcing the traffic through the PAFW I can successfully establish the tunnel. Spoke-to-spoke communication is also working as expected. But I want to force the traffic through the PA first and then pass it on to the VPNGW in order to establish the tunnel. Similarly, for inbound traffic, after the VPN lands on the VPNGW it should pass through the PAFW.
Jan 27 2022 12:59 AM
Have you implemented any User-defined routes here? I would suggest that your spoke subnets might need a default route where the next hop is the Virtual Appliance address of the firewall. The firewall in turn would then have a next hop of the VPN connection:
Some details on User Defined Routes here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
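As an added illustration of the route tables the reply above describes (this is example code written for this thread, not anything posted by the participants or taken from the Microsoft docs), the Bicep below builds three UDR tables for a hub with a Palo Alto NVA: the spoke subnets default-route to the firewall, the firewall's trusted subnet sends the partner prefix to the VPN gateway, and the GatewaySubnet sends traffic for the spokes back through the firewall so the return path is inspected too. The firewall IP, spoke prefixes and partner prefix are assumed values; substitute your own.

```bicep
// Added example for this thread, not the poster's or Microsoft's code.
// Assumed values (replace with your own):
param location string = resourceGroup().location
param fwPrivateIp string = '10.0.1.4'                       // assumed: trusted-side IP of the PAFW in the hub
param spokePrefixes array = ['10.1.0.0/16', '10.2.0.0/16']  // assumed spoke VNet address spaces
param partnerPrefix string = '192.168.100.0/24'             // assumed 3rd-party network behind the S2S VPN

// 1) Spoke subnets: everything goes to the firewall first. Disabling gateway
//    route propagation stops the spokes learning a direct path to the VPN or
//    ExpressRoute gateway that would bypass the PAFW.
resource rtSpoke 'Microsoft.Network/routeTables@2022-07-01' = {
  name: 'rt-spoke-via-pafw'
  location: location
  properties: {
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'default-to-pafw'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: fwPrivateIp
        }
      }
    ]
  }
}

// 2) Firewall trusted subnet: the partner prefix is handed to the virtual
//    network gateway. Propagation stays on so gateway-learned routes still arrive.
resource rtFirewall 'Microsoft.Network/routeTables@2022-07-01' = {
  name: 'rt-pafw-trust'
  location: location
  properties: {
    disableBgpRoutePropagation: false
    routes: [
      {
        name: 'partner-to-vpngw'
        properties: {
          addressPrefix: partnerPrefix
          nextHopType: 'VirtualNetworkGateway'
        }
      }
    ]
  }
}

// 3) GatewaySubnet: traffic arriving from the VPN and destined for a spoke is
//    sent to the firewall, not straight over the peering. Only spoke-specific
//    prefixes go here: a 0.0.0.0/0 route on the GatewaySubnet, or disabling
//    propagation on it, breaks the gateways themselves.
resource rtGateway 'Microsoft.Network/routeTables@2022-07-01' = {
  name: 'rt-gatewaysubnet'
  location: location
  properties: {
    disableBgpRoutePropagation: false
    routes: [for (prefix, i) in spokePrefixes: {
      name: 'spoke${i}-to-pafw'
      properties: {
        addressPrefix: prefix
        nextHopType: 'VirtualAppliance'
        nextHopIpAddress: fwPrivateIp
      }
    }]
  }
}
```

Each table still has to be associated with its subnet (the spoke workload subnets, the PAFW trust subnet and the GatewaySubnet respectively), the spoke peerings need "allow forwarded traffic" so the NVA can forward between spokes, and IP forwarding must be enabled on the firewall's NIC. Two checks worth doing before trusting the design: the `VirtualNetworkGateway` next-hop type does not name a particular gateway, so when an ExpressRoute gateway and a VPN gateway share the GatewaySubnet, confirm the effective route on the firewall NIC actually points where you expect (`az network nic show-effective-route-table`); and if you ever see the spokes reach the partner without passing the PAFW, the usual cause is gateway route propagation being left enabled on the spoke route table.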
Feb 04 2022 10:07 PM