
[Diagram: topology]

Hello everyone, I have a general networking question about the infrastructure described in the diagram above.

We have multiple sites connected to the HQ via Site2Site VPN using Zyxel ZyWALL routers/firewalls.

Each site has one LAN: site 1: 192.168.1.X/24; site 2: 192.168.2.X/24; site 3: 192.168.3.X/24; HQ: 192.168.10.X/24.

I want to connect a server machine from site 1, site 2 and site 3 to a cloud infrastructure using Point2Site VPN.

Is it possible to have a Point2Site VPN (server machine to Azure) from a site that already has a Site2Site VPN connection, at the same time?

Do I have to create a separate network for the server that will be connected with P2S to Azure?

I hope that my post is clear and understandable. Feel free to ask me anything.

Thanks in advance!

haris013

1 Answer

The answer is Yes, assuming a couple of things.

  1. The routing at Site 1 allows traffic to enter from one VPN and leave from another (sometimes called hairpinning).
  2. You configure your routing at each site to reach traffic at all other sites (and the cloud). In other words, in your hub and spoke network, you need spoke to spoke connectivity.
  3. The server(s) at Azure will need to have their own subnet. You can use 192.168.4.x/24, or anything else that makes sense to you.
Ron Trunk
  • Hmm, every site I want to have a separate P2S connection at Azure (I didn't draw it, sorry). The reason I want a P2S connection from every site to Azure is because every site will have an RODC and the primary DC is at Azure already. The servers at Azure have their own subnet (10.10.0.X) – haris013 Apr 09 '19 at 19:24
  • I have updated the diagram, so are the 3 steps above still valid for a separate P2S from every site to Azure? – haris013 Apr 14 '19 at 16:31
  • Number two is not important with your updated diagram, but the answer is still yes – Ron Trunk Apr 14 '19 at 21:13
  • The on-premise sites have stable connectivity with the HQ and between them (S2S). If I just connect a server from site 1 (P2S) to Azure without any routing adjustment, will I have any problems/conflicts? The Azure infrastructure has its own subnet. Is it possible for a computer that is already joined to a Site2Site network to have a P2S connection simultaneously to Azure? – haris013 Apr 16 '19 at 17:03
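As an added illustration (not part of the thread), the Python below models the routing the answer describes for a server at site 1 with both tunnels up: it checks the thread's prefixes for the overlap that would cause a conflict, then resolves destinations by longest-prefix match so that only Azure traffic enters the P2S tunnel. It assumes split tunneling on the P2S client (only the Azure prefix is routed into the tunnel) and that the Azure subnet is 10.10.0.0/24, taken from the "10.10.0.X" in the comments.

```python
import ipaddress

# Addressing constructed from the thread. The Azure prefix is an assumption
# (10.10.0.0/24) based on the "10.10.0.X" mentioned in the comments.
SITE_LANS = {
    "site1": "192.168.1.0/24",
    "site2": "192.168.2.0/24",
    "site3": "192.168.3.0/24",
    "hq": "192.168.10.0/24",
}
AZURE_SUBNET = "10.10.0.0/24"


def overlapping_prefixes(prefixes):
    """Return the pairs of names whose prefixes overlap. An overlap between the
    P2S remote prefix and any local or S2S prefix is the conflict the asker
    fears: the host would hold two routes for the same addresses."""
    nets = {name: ipaddress.ip_network(p) for name, p in prefixes.items()}
    names = list(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def server_routes(site, site_lans=SITE_LANS, cloud=AZURE_SUBNET):
    """Routing table of the server at `site` once both tunnels are up: its own
    LAN is directly connected, every other on-prem LAN goes to the site router
    (which carries it over the S2S tunnel to HQ), and only the Azure prefix is
    sent into the P2S tunnel interface (split tunneling assumed)."""
    routes = {}
    for name, prefix in site_lans.items():
        routes[prefix] = "eth0 (connected)" if name == site else "eth0 via site router (S2S)"
    routes[cloud] = "p2s tunnel (Azure)"
    routes["0.0.0.0/0"] = "eth0 via site router (default)"
    return routes


def next_hop(dst, routes):
    """Longest-prefix match, the way the host's kernel picks an interface."""
    ip = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in routes if ip in ipaddress.ip_network(p)]
    best = max(matches, key=lambda n: n.prefixlen)
    return routes[str(best)]


if __name__ == "__main__":
    print("overlaps:", overlapping_prefixes({**SITE_LANS, "azure": AZURE_SUBNET}))
    table = server_routes("site1")
    for dst in ("10.10.0.5", "192.168.2.7", "192.168.1.9", "8.8.8.8"):
        print(dst, "->", next_hop(dst, table))
```

If the P2S client were configured as a full tunnel, the default route would move into the Azure tunnel and the S2S paths to the other sites would be affected; the overlap check is the first thing to run before adding the second tunnel.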