Azure VPN, multiple local subnets

Hi,
We have a VPN connection between Azure and our local VPN/gateway. Locally, we have 3 subnets: one Server LAN, and two Client LANs.

Currently, there’s a site-to-site VPN between Azure (10.0.0.0 /16) and the on-prem Server net (192.168.1.x). This allows on-premises servers to communicate directly over the VPN with VMs in Azure. What I would like is for the clients (192.168.0.x and 10.30.x.x) to also be able to communicate with Azure over the VPN.

If I do a Route Print on a client, it doesn’t have a direct route to the Azure network, but I believe it should be able to reach it via the default gateway?

However, if I do a Get-AzureEffectiveRouteTable on the VMs in Azure, they only have a route to 192.168.1.0/24, then they actually have a Null route for 192.168.0.0/16 and 10.0.0.0/8. So Azure doesn’t have a route back to the on-prem subnets other than 192.168.1.0/24.

I’ve been trying to find out what configuration I need to perform, but most guides talk about multi-site VPN or creating multiple VPN tunnels. I believe this shouldn’t be necessary since all the on-prem subnets can already reach each other and the VPN gateway which is already connected to Azure? Or is a multi-site VPN still necessary to connect all 3 subnets with Azure?

It’s called having multiple phase-two selectors configured on your tunnel in your device (one per subnet). In Azure you specify the additional subnets in the Local networks section.

In Azure you have to define what networks can be found at the remote side (i.e. on-premises).

You probably just need to edit your LocalNetworkGateway address space to add 192.168.0.X and… oops, 10.30.x.x overlaps with what you have in Azure, so you might not be able to add that one after all.

If you are on classic, edit the network configuration and add the 192.168.0.X (I guess it’s a /24?) network to the config where it’s relevant.

Maybe this series will be helpful:
PART 1 : MICROSOFT AZURE CREATION AND CONFIGURATION OF VPN TUNNEL SERIES

Hmm, it seems I can only have one local network:

http://imgur.com/lcEu9ep

The “Local Network” is a drop-down where I can choose between either the 192.168.0.x or 192.168.1.x network but I can’t select more than one.

Or do I need to add it manually to the config file in the Gateway section?

You can add it manually, but also that local network option there is a drop-down list because those are the ones you’ve configured in the local networks tab (outside the S2S configuration).

You’ve configured those two address spaces separately, as two different local networks. Treat them as one local network with two address spaces.
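Before editing the local network address space, it helps to see concretely why the Azure VMs have no return path and which on-prem prefixes can safely be added. The script below is an added example, not from any poster; it replays the effective route table the question describes with longest-prefix matching, then checks a proposed set of on-prem prefixes against the VNet address space. The on-prem masks (/24, /24, /16) are assumed, since the question only gives the first octets.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample: the effective routes the question reports on an Azure VM
# (prefix -> next hop type). "None" is Azure's null (blackhole) route.
AZURE_EFFECTIVE_ROUTES: Dict[str, str] = {
    "10.0.0.0/16": "VnetLocal",
    "192.168.1.0/24": "VirtualNetworkGateway",
    "192.168.0.0/16": "None",
    "10.0.0.0/8": "None",
    "0.0.0.0/0": "Internet",
}

# Assumed on-prem prefixes: server LAN plus the two client LANs.
ONPREM_PREFIXES: List[str] = ["192.168.1.0/24", "192.168.0.0/24", "10.30.0.0/16"]


def next_hop_for(dest: str, routes: Dict[str, str]) -> Optional[str]:
    """Longest-prefix match, the same selection rule Azure applies per packet."""
    addr = ipaddress.ip_address(dest)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def missing_return_routes(onprem: List[str], routes: Dict[str, str]) -> List[str]:
    """On-prem prefixes whose traffic would NOT leave via the VPN gateway."""
    return [p for p in onprem
            if next_hop_for(str(ipaddress.ip_network(p).network_address), routes)
            != "VirtualNetworkGateway"]


def plan_local_network(vnet_prefixes: List[str], onprem: List[str]):
    """Split proposed prefixes into those that fit in one local network gateway
    address space and those rejected because they overlap the VNet itself."""
    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    accepted, rejected = [], []
    for p in onprem:
        net = ipaddress.ip_network(p)
        clash = next((v for v in vnets if net.overlaps(v)), None)
        if clash is not None:
            rejected.append((p, f"overlaps VNet {clash}"))
        else:
            accepted.append(p)
    return accepted, rejected


if __name__ == "__main__":
    print("no VPN return route:", missing_return_routes(ONPREM_PREFIXES, AZURE_EFFECTIVE_ROUTES))
    print("local network plan:", plan_local_network(["10.0.0.0/16"], ONPREM_PREFIXES))
```

Run against the sample table it reports the two client LANs as lacking a VirtualNetworkGateway route, which is exactly what the question observed; the accepted list is what goes into the single local network's address space.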