
We have a single subscription with a single VNet in Azure, which has site-to-site VPN connections with different branch offices. Connectivity is working fine with all branches and Azure.

Now we have a requirement to set up point-to-site VPN connectivity where users will dial into the Azure gateway (we have a flat VNet, no hub and spoke) and access Azure and on-prem. We have deployed an Azure gateway and set up the point-to-site configuration. Users are able to access Azure resources (VM) when they dial into the VPN, but are not able to access on-prem resources.

Onprem -> meraki(deployed in azure) -> azure gateway(deployed on same vnet as meraki) -> windows 10 connected to azure gateway(point to site vpn)

  • Welcome to https://stackoverflow.com/. For any specific problem you are having please include a https://stackoverflow.com/help/minimal-reproducible-example. Please also read https://stackoverflow.com/help/how-to-ask and https://stackoverflow.com/help/dont-ask. Make sure that your questions are specific and not overly broad, see also https://stackoverflow.com/help/on-topic. Also, be sure to take the https://stackoverflow.com/tour (you get a badge!). – Daniel Björk Jul 27 '20 at 07:07
  • Make sure you have activated Allow gateway transit on your Gateway. https://azure.microsoft.com/en-us/blog/create-a-transit-vnet-using-vnet-peering/#:~:text=Create%20or%20update%20the%20virtual,Select%20OK – Daniel Björk Jul 27 '20 at 07:09
  • We have a flat network in azure. For that we do not require to create vnet peering and configure gateway transit. – vsanjivaiah Jul 28 '20 at 05:31
  • Ah, in that case you need to add the route manually on the clients. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing#one-vnet-and-a-branch-office-bgp – Daniel Björk Jul 28 '20 at 06:15

1 Answer


As @daniel-björk points out, in the similar case of One VNet and a branch office (BGP), you need to manually add the route to your on-premise site to your Windows client. The non-Windows clients do not have such requirements. Also, the Azure VPN gateway should enable BGP and the site to site VPN connection is running BGP.


Nancy
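
One way to add the route the answer describes on a Windows 10 client, as an added example that is not part of the original answer. Both address ranges are hypothetical placeholders; run it elevated after the point-to-site VPN is connected. It adds only the on-premises prefix, on the VPN interface only, so no other client traffic is redirected into the tunnel.

```powershell
# Added example. Assumed values (not from the original post): replace with your own.
$P2SPool      = '172.16.201.0/24'   # hypothetical P2S client address pool set on the gateway
$OnPremPrefix = '10.50.0.0/16'      # hypothetical on-premises network behind the Meraki

# Return $true when an IPv4 address falls inside a CIDR prefix.
function Test-InPrefix {
    param([string]$Address, [string]$Prefix)
    $net, $len = $Prefix -split '/'
    $a = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $n = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    [Array]::Reverse($a); [Array]::Reverse($n)          # network order -> host order
    $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$len))
    $x = [BitConverter]::ToUInt32($a, 0)
    $y = [BitConverter]::ToUInt32($n, 0)
    return (($x -band $mask) -eq ($y -band $mask))
}

# Locate the VPN interface by the address the gateway handed out from the P2S pool.
$vpnIp = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { Test-InPrefix $_.IPAddress $P2SPool } |
    Select-Object -First 1
if (-not $vpnIp) {
    throw "No interface has an address in $P2SPool. Connect the point-to-site VPN first."
}

# Add the on-premises prefix on that interface only, and only if it is missing.
$existing = Get-NetRoute -DestinationPrefix $OnPremPrefix `
    -InterfaceIndex $vpnIp.InterfaceIndex -ErrorAction SilentlyContinue
if (-not $existing) {
    # ActiveStore: the route is not persisted, so it disappears with the tunnel.
    New-NetRoute -DestinationPrefix $OnPremPrefix -InterfaceIndex $vpnIp.InterfaceIndex `
        -NextHop '0.0.0.0' -PolicyStore ActiveStore | Out-Null
}

# Confirm which interface now carries traffic for the on-premises prefix.
Get-NetRoute -DestinationPrefix $OnPremPrefix |
    Format-Table InterfaceAlias, DestinationPrefix, NextHop, RouteMetric
```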