Reputation: 17
Azure Site to Multisite VPN deployment
I would like to place a virtual machine accesible from several branch offices via VPN. As long as I have read and tested, I can stablish a site-to-site VPN keeping in mind the local IP address space (of the branch office), the public IP address (of the same branch office), and, once the configuration is done with a subnet for the gateway, we'll get the "virtual" gateway IP and preshared key (of the virtual network) to terminate this VPN on the branch office peer.
But, what if I want to connect another branch office? I don't know whats the "best practice" to deploy this scenario. I have tried to add a local network and attach it to the existing virtual network but I couldn't. As far as I have seen you only can attach one local network per connection and, besides that, I can only support one preshared key. If so, which is the normal practice? I should create a new VPN/VitualGateway per branch? Then, using different Virtual Gateways, the Virtual Machine will keep being routable through the different tunnels?
Upvotes: 0
Views: 3783
Answers (3)
Reputation: 11
Sorry. It's not possible. If you read all the links then you will see that it refers to running RRAS on prem. Not in Azure. In fact the video at 8:06 says that it's not possible but lots of people are asking for it so stayed tuned.
Upvotes: 1
Reputation: 439
This scenario is possible.
You could implement a Site-to-Site VPN for multiple sites using a software endpoint on a VM in Azure (such as RRAS). You would just need to dedicate a VM in Azure to support the configuration (additional VMs for failover). You could still use the hardware endpoints at each site to control the routes and provide the connectivity that you require.
Check out this blog post that details the process using 2012 and Azure
Also it appears that Microsoft directly supports the RRAS approach, although I believe the examples below are limited to the 1 site connection - As seen here and also here
Other references for multi-site connections - Reference #1 - Reference #2 - Reference #3 - Skip to 8:06 where this is discussed.
Upvotes: 0
Reputation: 588
Microsoft has just released updates to Azure which will support the scenario you are wanting to accomplish. The release was just done last week.
Upvotes: 1
Related Questions
- Multiple Site to Site VPN Connections on Azure
- azure site-to-site-vpn does not let traffic through
- AWS to Azure connectivity: How to setup the Site to site connectivity?
- Azure Site to Site vpn
- Routing traffic from the point to site to vnet to vnet vpn gateway
- Connectivity between two site to site VPN connections connected to Azure VPN gateway
- Azure Point-to-site VPN routing
- Using new Azure portal for Point-To-Site Connection
- Azure and Site to Site VPN
- Site-To-Site VPN between different Azure sites?