Score:1

How to forward traffic from 2 On-prem branches to each other via Azure VPN Gateway

I have 2 scenarios that I am trying to solve in my Azure network environment. In both scenarios OnPrem-branch1 needs to connect to OnPrem-branch2 via my own Azure virtual network. I have Azure Site2Site VPN tunnels to each OnPrem branch from one of my Vnets in Azure. Note: There are multiple branches, hence the 2 cases below.

Case 1:

OnPrem-branch1 <--- Azure S2S VPN ---> Azure Vnet <--- Azure S2S VPN ---> OnPrem-branch2

Both branches are connected to my Vnet using the same Azure VPN Gateway. How can I link the 2 branches together?

Case 2:

OnPrem-branch1 <--- Azure S2S VPN ---> Vnet1 <--- ? ---> Vnet2 <--- Azure S2S VPN ---> OnPrem-branch2

In this case I have an old Vnet1 that has a S2S connection to branch 1, and a newer Vnet2 connected via S2S to branch 2. I can use Azure Network peering to connect the 2 Vnets, but will branch 1 be able to reach branch 2 going through 2 Vnets? Or do I need to set up a Vnet-to-Vnet VPN to connect the Vnets instead of Network Peering?

The new VPN Gateway is VpnGw1-series generation1, so I can apply the new NAT feature (when upgrading to VpnGw2).
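As an added illustration (not part of the original question or of Azure's own samples), the following Az PowerShell script shows the configuration behind both cases and the check a network admin would run afterwards. Resource group names, gateway names, public IPs, the 10.1.0.0/16 and 10.2.0.0/16 branch prefixes and the pre-shared key are all assumed placeholders. Case 1 works on a single route-based gateway because the gateway installs a route for every local network gateway prefix it is connected to, so branch1 and branch2 become mutually reachable as long as each on-prem device also sends the other branch's prefix into its tunnel. Case 2 cannot be solved with plain peering because `-UseRemoteGateways` is rejected on a VNet that already has its own gateway; the two gateways have to be joined with a VNet-to-VNet connection (BGP enabled on both, with distinct ASNs) so the branch prefixes are exchanged.

```powershell
# Added example, not the asker's or Azure's own script. All names, prefixes,
# IPs and the key below are assumptions / placeholders.
$rg  = 'rg-hub'
$loc = 'westeurope'
$psk = '<PRE-SHARED-KEY-PLACEHOLDER>'   # placeholder, never commit a real key

# ---------- Case 1: two branches on the same route-based VPN gateway ----------
$hubGw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name 'vnet-hub-gw'

# One local network gateway per branch, carrying that branch's on-prem prefix.
$branch1 = New-AzLocalNetworkGateway -ResourceGroupName $rg -Name 'lng-branch1' -Location $loc `
    -GatewayIpAddress '203.0.113.10' -AddressPrefix '10.1.0.0/16'
$branch2 = New-AzLocalNetworkGateway -ResourceGroupName $rg -Name 'lng-branch2' -Location $loc `
    -GatewayIpAddress '203.0.113.20' -AddressPrefix '10.2.0.0/16'

# Two S2S connections terminating on the same gateway.
New-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg -Name 'cn-branch1' -Location $loc `
    -VirtualNetworkGateway1 $hubGw -LocalNetworkGateway2 $branch1 -ConnectionType IPsec -SharedKey $psk
New-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg -Name 'cn-branch2' -Location $loc `
    -VirtualNetworkGateway1 $hubGw -LocalNetworkGateway2 $branch2 -ConnectionType IPsec -SharedKey $psk

# Check: the gateway's route table must list BOTH branch prefixes. Any branch that
# appears here is reachable from every other branch on this gateway, so review this
# list whenever a new customer site is added.
Get-AzVirtualNetworkGatewayLearnedRoute -ResourceGroupName $rg -VirtualNetworkGatewayName 'vnet-hub-gw' |
    Where-Object { $_.Network -in @('10.1.0.0/16', '10.2.0.0/16') } |
    Format-Table Network, NextHop, Origin

# ---------- Case 2: each branch on its own VNet, each VNet with its own gateway ----------
# Peering alone is not enough: -UseRemoteGateways cannot be set on a VNet that has a
# gateway, so branch1's prefix never reaches Vnet2. Connect the two gateways instead.
$gw1 = Get-AzVirtualNetworkGateway -ResourceGroupName 'rg-vnet1' -Name 'vnet1-gw'
$gw2 = Get-AzVirtualNetworkGateway -ResourceGroupName 'rg-vnet2' -Name 'vnet2-gw'

# VNet-to-VNet connections are created in both directions. BGP is assumed to be
# enabled on both gateways with different ASNs so branch routes propagate.
New-AzVirtualNetworkGatewayConnection -ResourceGroupName 'rg-vnet1' -Name 'cn-vnet1-to-vnet2' -Location $loc `
    -VirtualNetworkGateway1 $gw1 -VirtualNetworkGateway2 $gw2 -ConnectionType Vnet2Vnet -SharedKey $psk -EnableBgp $true
New-AzVirtualNetworkGatewayConnection -ResourceGroupName 'rg-vnet2' -Name 'cn-vnet2-to-vnet1' -Location $loc `
    -VirtualNetworkGateway1 $gw2 -VirtualNetworkGateway2 $gw1 -ConnectionType Vnet2Vnet -SharedKey $psk -EnableBgp $true

# Check: after BGP converges, Vnet2's gateway should have learned branch1's prefix
# from its peer, i.e. Origin 'EBgp' with the Vnet1 gateway's BGP address as SourcePeer.
Get-AzVirtualNetworkGatewayLearnedRoute -ResourceGroupName 'rg-vnet2' -VirtualNetworkGatewayName 'vnet2-gw' |
    Where-Object { $_.Network -eq '10.1.0.0/16' } |
    Format-Table Network, NextHop, SourcePeer, Origin
```

The two learned-route checks are the part worth keeping: they show exactly which on-prem prefixes a gateway will forward, which is how you confirm that branch-to-branch transit is (or is not) in place without touching the customer-side devices.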

Louis: I think it would help to know how many branches you actually have, and how far away they are from each other.

user2713516: There is 1 branch that needs to connect to N-number of branches through the VNET. The focus is on Case 1 though, perhaps Case 2 is a bit of a reach.

Louis: Sorry, I just feel like there are a million things to say. I think one idea you might not hear is that if the focus is case 1, would it be worth investigating if you can shrink the subnet sizes of each vnet so that they all fit in the same subnet, moving them if you have to, adding NICs, etc. if necessary. The other options just go up in price.

Louis: Shrink subnets in the same vnet if possible is the free example I wanted to comment on. Otherwise, yes, peering is a good idea.

user2713516: Thanks, I'll go do some testing and see if it works. The reason I asked the question is because I'm skeptical Azure VPN Gateways will forward outside (onprem) traffic through 2 vnets (peered).

Louis: @user2713516 How urgent is this? I could mock up some proof of concepts in Azure and share access with you of the various ways to do it with an aversion to cost. And I can show you the more common and pricey ways.

user2713516: Hi Louis, thank you for the offer, but I think it won't be needed for now. In my case the OnPrem devices are customer devices that I have little insight into and control over, so a full mockup is hard to do. The first case seems to be working now, but the 2nd case is blocked by the NAT rules not working (other question). Perhaps this question can be closed.