Reputation: 338
Coexistence between Azure P2S VPN and Expressroute
On microsoft azure i have a point to site VPN. The adress pool is 192.168.54.0/24.
I also have an azure virtual network and the adress space is 192.168.53.0/24. This virtual network is connected to my on-premise site by an expressroute (My on premise site network adress is 192.168.55.0)
When a user is connected to my P2S VPN, he can contact(ping, RDS,etc...) Virtual machine in the 192.168.53.0 network but can't contact the on-premise servers(192.168.55.0).
Does anyone has an idea?
Upvotes: 1
Views: 3210
Answers (2)
Reputation: 1
We do know that transit routing is possible when using P2S VPN and trying to connect to on-prem via a S2S VPN in some scenarios (if this S2S VPN is using BGP routing, and if routes on the client are manually added, see https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing). But this does not mention ExpressRoute.
As posted in Aldwen's answer, (https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#limits-and-limitations) MS do state that Transit routing is not supported for ExpressRoute, but it only mentions for the connection via a Site-to-Site VPN - unfortunately this does not definitively state that Transit routing is not possible when using P2S VPN.
However, Microsoft Azure Virtual WAN solution (see https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about), does support multiple different transitive routing scenarios - "These functionalities include Branch connectivity.., Site-to-site VPN connectivity, Remote User VPN (Point-to-site) connectivity, Private (ExpressRoute) connectivity, Intra cloud connectivity (Transitive connectivity for Virtual Networks), VPN ExpressRoute Interconnectivity, Routing, Azure firewall, Encryption for private connectivity etc." So my reading here is that Azure Virtual Wan will support all these transitive routing scenario's to allow the transitive routing for P2S and S2S and ExpressRoute, and will indeed allow P2S VPN to access on-prem via ExpressRoute as per the OP's scenario.
Upvotes: 0
Reputation: 338
According to the documentation and microsoft azure assistance, this kind of communication is not supported.
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#limits-and-limitations
"Transit routing is not supported. You cannot route (via Azure) between your local network connected via Site-to-Site VPN and your local network connected via ExpressRoute."
Upvotes: 1
Related Questions
- azure site-to-site-vpn does not let traffic through
- Azure Firewall & VPN/ExpressRoute UDRs
- Azure ExpressRoute via Vnet
- How to use another machine within Azure P2S VPN as a gateway?
- Routing traffic in Azure VPN
- P2S connections with Azure Express Route
- Connectivity between two site to site VPN connections connected to Azure VPN gateway
- Azure Point-to-site VPN routing
- Connecting an Azure virtual network to an external VPN gateway
- Azure and Site to Site VPN