
I'm looking for a solution where I need to establish another VPN gateway, separate from the one I have in a hub-and-spoke architecture. I would need something like the diagram below. It seems that Azure does not support that. When I try to deploy an extra VPN GW, I get a message that this is not possible because peering with gateway transit exists. Does anyone have an idea how to achieve something like this? I've been googling for quite some time and can't find anything.

[Diagram: Required Azure Network]

  • Did you happen to check this https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli – JayakrishnaGunnam-MT Oct 19 '21 at 04:27
  • I have to say the AZURE docs do not address this well. – thebluephantom Nov 13 '21 at 10:25
  • We turned off gateway transit to the hub and we use bastions on the hub to access the desired spoke where our customer resides. We tried to use pfSense, but due to the lack of physical assignment of a public IP on the host it was problematic to use. Route tables on Azure are very poor too, so turning off transit was the only option for us. – azureMaster44 Jan 03 '22 at 13:00

1 Answer


Found an MS document that can help you add additional Site-to-Site (S2S) connections to a VPN gateway that has an existing connection. This architecture is often referred to as a "multi-site" configuration. You can add a S2S connection to a VNet that already has a S2S connection, Point-to-Site connection, or VNet-to-VNet connection. There are some limitations when adding connections. Check the Prerequisites section in this article to verify before you start your configuration.

Prerequisites

• You are not configuring a new coexisting ExpressRoute and VPN Gateway configuration.

• You have a virtual network that was created using the Resource Manager deployment model with an existing connection.

• The virtual network gateway for your VNet is RouteBased. If you have a PolicyBased VPN gateway, you must delete the virtual network gateway and create a new VPN gateway as RouteBased.

• None of the address ranges overlap for any of the VNets that this VNet is connecting to.

• You have a compatible VPN device and someone who is able to configure it. See About VPN Devices. If you aren't familiar with configuring your VPN device, or are unfamiliar with the IP address ranges located in your on-premises network configuration, you need to coordinate with someone who can provide those details for you.

• You have an externally facing public IP address for your VPN device.

Would suggest you follow this MS document to configure a connection.

RahulKumarShaw
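The prerequisites listed in the answer above can be checked before adding a connection. The following is an added example, not part of the original answer or of Microsoft's documentation; the function name, input layout and sample addresses are constructed, and "externally facing" is assumed to mean "not in a private, CGNAT, link-local or loopback range".

```python
import ipaddress

# Ranges that cannot be an externally facing VPN device address (assumption, see lead-in).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]

def preflight(gateway_vpn_type, vnet_prefixes, sites):
    """Return a list of prerequisite violations (empty list = ready).

    gateway_vpn_type: "RouteBased" or "PolicyBased"
    vnet_prefixes:    CIDR strings of the VNet that owns the gateway
    sites:            {name: {"device_ip": str, "prefixes": [CIDR, ...]}}
    """
    problems = []
    if gateway_vpn_type != "RouteBased":
        problems.append(f"gateway is {gateway_vpn_type}; recreate it as RouteBased")

    # Collect every range with its owner so each pair is compared once.
    ranges = [("vnet", ipaddress.ip_network(p)) for p in vnet_prefixes]
    for name, site in sites.items():
        ranges += [(name, ipaddress.ip_network(p)) for p in site["prefixes"]]
        ip = ipaddress.ip_address(site["device_ip"])
        if any(ip in net for net in NON_ROUTABLE):
            problems.append(f"{name}: VPN device IP {ip} is not externally facing")

    for i, (owner_a, net_a) in enumerate(ranges):
        for owner_b, net_b in ranges[i + 1:]:
            same_family = net_a.version == net_b.version
            if owner_a != owner_b and same_family and net_a.overlaps(net_b):
                problems.append(f"{owner_a} {net_a} overlaps {owner_b} {net_b}")
    return problems

# Constructed sample inputs (documentation and private address space only).
GOOD = ("RouteBased", ["10.0.0.0/16"],
        {"branch-a": {"device_ip": "203.0.113.10", "prefixes": ["192.168.10.0/24"]}})
BAD = ("PolicyBased", ["10.0.0.0/16"],
       {"customer": {"device_ip": "10.1.1.4", "prefixes": ["10.0.128.0/17"]}})

if __name__ == "__main__":
    for label, args in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, preflight(*args) or "ready")
```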