I want to set up an Azure VNET with an Azure VPN Gateway. Then when I VPN into the gateway, I want to have outbound Internet access for P2S VPN from clients. I want this outbound Internet access to have a static IP.
This seems like a pretty simple thing to do, but it is very hard to figure out how to do it in practice. I opened a support ticket with Azure and they were no help at all.
Here is what I have tried so far:
- Created an Azure VNET with 1 subnet
- Created an Azure VPN Gateway in the same region and connected it to the VNET (bringing total subnets to 2)
  - Note that this VPN Gateway has its own subnet (which seems to be required) in the VNET
- Configured P2S connection with Azure AD auth on the VPN Gateway; configured this P2S to advertise all routes
- Installed Azure VPN Client software and imported configuration
- Configured an Azure Firewall on the VNET
- Set up a route table in the VNET from the core Subnet (not the VPN Gateway Subnet, which does not allow this) to the Azure Firewall
- Configured outbound Internet access for all source IPs to all destination IPs on all ports and protocols on the Azure Firewall
OK, so it seems like if I then VPN, I should be able to access the Internet, right? Unfortunately no: when I VPN, I do get an IP, and I can ping the firewall private IP, but I cannot go to any websites, e.g. google.com.
Does anyone know where I am going wrong here? Any ideas would be greatly appreciated.