-1

Due to a VNet only allowing for a single static gateway, and my on-prem location gateways not supporting route-based VPNs, I want to see if this is possible:

  • Having the resources in a single VNet.
  • Create a new VNet for each policy-based VPN, containing a static gateway.
  • Then VNet peer these VNets into the one containing all the resources.
  • Use routing to direct traffic into each of the "spokes", as the "Use Remote Gateway" option is only allowed to be configured on one of the VNet peerings.
felix001

1 Answer

-1

Oh my, even if that thing works it will be horrific to maintain.

Just spin up a Linux VM with StrongSwan on-prem and IKEv2 to Azure:

conn azure
    authby=secret
    type=tunnel
    leftsendcert=never
    left=40.127.xxx.xxx
    leftsubnet=10.4.0.0/19,10.0.0.0/24 #Azure side
    right=172.31.22.44
    rightsubnet=10.1.0.0/16,192.168.3.0/24,192.168.4.0/24 #on-prem
    keyexchange=ikev2
    auto=start
evilSnobu
  • Problem is multiple sites have gateways so ideally need to make the change within Azure. – felix001 Oct 18 '16 at 09:20
  • Time to replace those devices. Else you introduce unnecessary complexity and risk which is a much worse business proposal than investing in a bunch of branch routers. I guess it's a business case rather than a technical one. – evilSnobu Oct 18 '16 at 15:31
  • This would all depend on the solution. Seems strange there are no better options – felix001 Oct 18 '16 at 18:42
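
A pre-deployment check for a conn like the one in the answer, added here as an example and not part of the original answer: it parses the section, lists every left/right subnet combination the tunnel is expected to carry, and reports any combination where the Azure and on-prem ranges overlap. The sample text is constructed from the answer's conn, with the redacted peer address replaced by the documentation address 203.0.113.10; the function names are this example's own.

```python
import ipaddress
from itertools import product

# Constructed sample: the conn from the answer, with the redacted peer
# address replaced by a documentation address (203.0.113.10, an assumption).
SAMPLE = """\
conn azure
    authby=secret
    type=tunnel
    left=203.0.113.10
    leftsubnet=10.4.0.0/19,10.0.0.0/24 #Azure side
    right=172.31.22.44
    rightsubnet=10.1.0.0/16,192.168.3.0/24,192.168.4.0/24 #on-prem
    keyexchange=ikev2
    auto=start
"""

def parse_conn(text, name):
    """Return the key=value options of one 'conn <name>' section."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def subnets(opts, key):
    """Parse a comma-separated subnet option; raises ValueError on a bad CIDR."""
    return [ipaddress.ip_network(s.strip()) for s in opts[key].split(",")]

def selector_pairs(opts):
    """Every left/right subnet combination the tunnel has to carry."""
    return list(product(subnets(opts, "leftsubnet"), subnets(opts, "rightsubnet")))

def overlaps(opts):
    """Pairs whose two sides share addresses and so cannot be routed cleanly."""
    return [(l, r) for l, r in selector_pairs(opts) if l.overlaps(r)]

if __name__ == "__main__":
    conn = parse_conn(SAMPLE, "azure")
    for l, r in selector_pairs(conn):
        print(f"{l} <-> {r}")
    print("overlaps:", overlaps(conn) or "none")
```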