
I have 2 scenarios that I am trying to solve in my Azure network environment. In both scenarios OnPrem-branch1 needs to connect to OnPrem-branch2 via my own Azure virtual network. I have Azure Site2Site VPN tunnels to each OnPrem branch from one of my Vnets in Azure. Note: There are multiple branches, hence the 2 cases below.

Case 1:

OnPrem-branch1 <--- Azure S2S VPN ---> Azure Vnet <--- Azure S2S VPN ---> OnPrem-branch2

Both branches are connected to my Vnet using the same Azure VPN Gateway. How can I link the 2 branches together?

Case 2:

OnPrem-branch1 <--- Azure S2S VPN ---> Vnet1 <--- ? ---> Vnet2 <--- Azure S2S VPN ---> OnPrem-branch2

In this case I have an old Vnet1 that has a S2S connection to branch1. And a newer Vnet2 connected via S2S to branch2. I can use Azure Network peering to connect the 2 Vnets, but will branch1 be able to reach branch2 going through 2 Vnets? Or do I need to set up a Vnet-to-Vnet VPN to connect the Vnets instead of Network Peering?

The new VPN Gateway is VpnGw1-series generation1, so I can apply the new NAT feature (when upgrading to VpnGw2).

user2713516
  • I think it would help to know how many branches you actually have, and how far away they are from each other. – Louis Waweru Mar 08 '22 at 23:25
  • There is 1 branch that needs to connect to N-number of branches through the VNET. The focus is on Case 1 though, perhaps Case 2 is a bit of a reach – user2713516 Mar 09 '22 at 18:34
  • Sorry, I just feel like there are a million things to say. I think one idea you might not hear is that if the focus is case 1, would it be worth investigating if you can shrink the subnet sizes of each vnet so that they all fit in the same subnet, moving them if you have to, adding NICs, etc. if necessary. The other options just go up in price. – Louis Waweru Mar 09 '22 at 23:48
  • Shrink subnets in the same vnet if possible is the free example I wanted to comment on. Otherwise, yes peering is a good idea – Louis Waweru Mar 11 '22 at 18:16
  • Thanks, I'll go do some testing and see if it works. The reason I asked the question is because I'm skeptical Azure Gateway VPN's will forward outside (onprem) traffic through 2 vnets (peered). – user2713516 Mar 14 '22 at 11:43
  • @user2713516 How urgent is this? I could mock up some proof of concepts in Azure and share access with you of the various ways to do it with an aversion to cost. And I can show you the more common and pricey ways. – Louis Waweru Mar 15 '22 at 04:10
  • Hi Louis, thank you for the offer, but I think it won't be needed for now. In my case the OnPrem devices are customer devices that I have little insight into and control over, so a full mockup is hard to do. The first case seems to be working now but the 2nd case is blocked by the NAT-rules not working (other question). Perhaps this question can be closed. – user2713516 Mar 16 '22 at 06:49
