Reputation: 31
I'm testing using two Azure vnets in separate regions connected by a VNET to VNET connection and a point to site VPN into one of them. Kind of like this:
-------------------     VPN      ---------            ---------
| Client Computer |  -------->   | VNET1 |  ------>   | VNET2 |
-------------------              ---------            ---------
                                10.1.0.0/24          10.0.0.0/24
Is it possible to directly access a computer/resource in VNET2 from the Client Computer, effectively routing via VNET1?
I found this article http://hindenes.com/trondsworking/2016/08/07/azure-vnet-peering that shows it can be done using the relatively new peering functionality but this doesn't work cross-region unfortunately.
I'd be grateful for any advice.
Upvotes: 0
Views: 498
Reputation: 31
Ok, so I finally got it working. I was previously using a VNET to VNET connection between VNET1 and VNET2 but I ended up swapping it out for a Site to Site connection. This type of connection uses Azure's 'Local Network Connection' resources which appear to define the routes based on the addresses you specify when setting them up.
Adding a Route Table to the subnet, even if you don't add any routes, is really useful here since it allows you to use the 'Effective routes' function under 'Support + Troubleshooting' to view the route tables for your network.
Anyway, I followed the advice in this blog post https://www.altitude365.com/2016/04/26/azure-p2s-vpn-how-to-route-between-vnets which was pretty much the setup I was trying to achieve. The key appears to be the adding of the P2S VPN range to VNET2 and, obviously, altering the routes on your client. I also found this article that explains how to re-package the VPN client for distribution https://msfreaks.wordpress.com/2015/12/11/building-an-azure-lab-customizing-the-p2s-point-to-site-vpn-client.
I'd still be interested to see if this can work using a VNET to VNET connection but I've so far been unsuccessful.
@MichaelB thanks for your help. Your answer regarding the routing pointed me in the right direction.
Upvotes: 2
Reputation: 12228
-------------------     VPN      ---------            ---------
| Client Computer |  -------->   | VNET1 |  ------>   | VNET2 |
-------------------              ---------            ---------
  192.168.0.0/16                10.1.0.0/24          10.0.0.0/24
You would need to have a route table on Vnet1 that has 10.0.0.0/24 and 192.168.0.0/16 that both point to the virtual network gateway.
From there the virtual network gateway will decide where to route traffic.
More generically, you create a route table on a subnet to determine where traffic that originates in that subnet should be directed.
Upvotes: 3
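Added example (not from the question or either answer above): the route table this answer describes, built with the Az PowerShell module, then verified with the same "Effective routes" data the accepted answer recommends checking. It covers both the routing described in this answer and the verification step from the accepted answer. The resource group, region, subnet and NIC names are assumptions; the prefixes are the ones from the diagram. The mirror-image configuration on the VNET2 side (adding the P2S range there, as the accepted answer describes) is not shown.

```powershell
# Added example, not part of the original Q&A. Assumes Az PowerShell is installed
# and Connect-AzAccount has already been run. All names below are assumptions.
$rg       = 'rg-vnet-lab'   # assumed resource group holding VNET1
$location = 'westeurope'    # assumed region of VNET1
$vnetName = 'VNET1'
$subnet   = 'default'       # assumed subnet that hosts the VMs in VNET1
$nicName  = 'vm1-nic'       # assumed NIC of a VM in that subnet

# Prefixes from the diagram: VNET2 and the point-to-site client address pool.
$vnet2Prefix = '10.0.0.0/24'
$p2sPrefix   = '192.168.0.0/16'

# 1. Route table with both prefixes pointed at the virtual network gateway.
$rt = New-AzRouteTable -Name 'rt-vnet1' -ResourceGroupName $rg -Location $location
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'to-vnet2' `
        -AddressPrefix $vnet2Prefix -NextHopType VirtualNetworkGateway
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'to-p2s-clients' `
        -AddressPrefix $p2sPrefix -NextHopType VirtualNetworkGateway
$rt = Set-AzRouteTable -RouteTable $rt

# 2. Associate the route table with the VM subnet (AddressPrefix is mandatory
#    for Set-AzVirtualNetworkSubnetConfig, so reuse the subnet's existing one).
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$existingPrefix = ($vnet.Subnets | Where-Object Name -eq $subnet).AddressPrefix
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet `
    -AddressPrefix $existingPrefix -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# 3. Verify from a NIC's point of view; this is the data behind the portal's
#    'Effective routes' blade. Only the two prefixes of interest are shown.
Get-AzEffectiveRouteTable -NetworkInterfaceName $nicName -ResourceGroupName $rg |
    Where-Object { $_.AddressPrefix -contains $vnet2Prefix -or
                   $_.AddressPrefix -contains $p2sPrefix } |
    Select-Object Name, State, AddressPrefix, NextHopType, NextHopIpAddress |
    Format-Table -AutoSize
```

The verification step is the part worth keeping around: after any gateway or route change, confirming that the effective routes list only the prefixes you intended, each with State `Active` and next hop `VirtualNetworkGateway`, is the quickest way to catch a route that silently fell back to `None` or a broader prefix than planned.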