I have established an S2S VPN between an Azure VNet and on-premises RRAS. I want all Azure traffic to go through RRAS, including internet. I have tried adding a user-defined route to send all traffic to RRAS, but RRAS is not forwarding the traffic to the internet. The RRAS server has one NIC in our DMZ, which is also the VPN endpoint, and it can reach the internet itself.
-
Can you post your route tables? If on the Azure side 0.0.0.0 is pointed at on-prem and the traffic is making it there, the problem is likely on-prem. – Jim B Mar 29 '19 at 02:50
-
On the RRAS server there is a static route for the Azure VNet, and all other traffic goes to the default gateway and out to the internet from there. If RRAS receives traffic from the Azure VNet, it should also be sent out via the default gateway? – Mat Apr 01 '19 at 19:09
-
I'm not positive that traffic that ends up on the RRAS server goes to the default gateway, but the first thing is to make sure that Azure internet traffic (which involves setting up forced tunneling - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm) is hitting the RRAS server. – Jim B Apr 01 '19 at 21:00
-
Forced tunnelling is set up; it's just a route for all traffic to the virtual network gateway, and Azure Network Watcher next hop shows it is sending all internet-bound traffic to the virtual network gateway. So the traffic is getting to the other end of the tunnel, which is the RRAS NIC. – Mat Apr 02 '19 at 20:44
-
Forced tunneling was missing a PowerShell command. Now traffic is getting through the RRAS server but is being blocked after hitting the gateway of the local subnet. It should be because we do not do NAT. – Mat Apr 06 '19 at 18:37
-
https://social.msdn.microsoft.com/Forums/en-US/61ccfc3f-0b59-4a60-b863-eb01dd55234b/azure-site-to-site-vpn-with-rras-and-forced-tunneling?forum=WAVirtualMachinesVirtualNetwork#3e376824-db36-48a9-a44c-03bbea7aaede – Mat Apr 25 '19 at 11:05