I am attempting to route internet traffic from a Japan VM running Windows Server 2022, over a peered VNet, to a Windows Server 2022 VM in East US using RRAS. Essentially force tunneling without an S2S requirement.

The configuration I want is essentially as follows: Japan VNet > VNet peering connection > East US 2 VNet > internet. I have a server in US East configured with RRAS, and it routes traffic over the site-to-site tunnel fine (example: the on-prem network is 10.0.8.0; this works fine from Japan going through the VM in US East over VNet peering), but getting it to route internet traffic is not working.

I configured a static route using Azure route tables for the Japan server, 0.0.0.0/0 to the IP of the Azure US East server, similar to how I configured a static route for having the Japan server connect to on-prem over the VNet. But this just causes a loss of internet, and I have to remove the route. VNet-to-VNet traffic continues to work.

I also tried setting the gateway on the NIC of the Japan server to the IP of the US East 2 system. That did not work either.

I do not want to use the S2S tunnel. I simply want the Japan server to use the internet from the US East 2 VNet.

Magoogle

1 Answer

Created two virtual machines with peered VNets, Japan VM to West US:

Enable IP forwarding in East US and change the private IP address allocation to static; this allows the RRAS server to forward traffic between the peered VNets.

Installed the RRAS server in East US. Make sure to add a new static route with destination -> Japan VNet IP address, gateway -> you can find the gateway address using ipconfig in cmd.

Now configure a UDR (User-Defined Route) on the Japan VM route table with the destination 0.0.0.0/0 and the next hop as the IP address of the NIC of the Windows Server 2022 VM in East US, and add the subnet under the settings.

Make sure Windows Defender Firewall is turned off, like below:

The Japan VM should be able to route its internet traffic via the RRAS server in the East US VNet successfully.

Reference:

Use Azure VPN Gateway To Route Traffic Between Spoke Networks - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - by Cloud & CyberSecurity

Imran
  • This is how I have it configured. However, I did have the route for the Japan network in RRAS set as the Japan gateway instead of the US gateway. I corrected that, but the internet is still dropped, and I can no longer ping once the 0.0.0.0/0 route is created. – Magoogle Aug 04 '23 at 13:42
  • Configure the NAT interface in East US. This interface should be connected to the VNet and have a private IP address. Create a new NAT policy in East US. The source address should be the IP address of the Japan VM, and the destination address should be any. – Imran Aug 04 '23 at 13:55
  • If you are still experiencing issues, ensure the NAT interface in East US is configured correctly: the NAT interface should be connected to the VNet and have a private IP address. Check the network security group (NSG) rules on the subnets of both the Japan VNet and the East US VNet to ensure that they are not blocking traffic. You may need to add NSG rules to allow traffic to flow between the subnets. – Imran Aug 04 '23 at 13:55
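The answer and the NAT comment above, scripted end to end as an added example (this is not code from the original post or from the referenced article): the Azure side pins the RRAS NIC to a static private IP with IP forwarding and attaches a 0.0.0.0/0 UDR to the Japan subnet; the Windows side installs RRAS with the static route back to the Japan VNet and NAT on the single interface. Resource group, VNet, subnet, NIC and interface names and every address are assumed placeholders.

```powershell
# --- Azure side (run from a session logged in with Az PowerShell; names are assumptions) ---
$rg         = 'rg-routing'        # assumed resource group holding both VNets
$japanVnet  = 'vnet-japan'        # assumed Japan VNet and subnet names
$japanSub   = 'default'
$nvaNicName = 'nic-rras-eastus'   # assumed NIC of the East US RRAS VM
$nvaIp      = '10.1.0.4'          # assumed private IP the RRAS VM keeps as static

# 1. The RRAS NIC must accept packets not addressed to itself, and the UDR next hop
#    must not move: set the private IP to static and enable IP forwarding.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nvaNicName
$nic.EnableIPForwarding = $true
$nic.IpConfigurations[0].PrivateIpAllocationMethod = 'Static'
$nic.IpConfigurations[0].PrivateIpAddress = $nvaIp
Set-AzNetworkInterface -NetworkInterface $nic | Out-Null

# 2. UDR on the Japan subnet: default route whose next hop is the RRAS VM,
#    typed as a virtual appliance so the platform sends 0.0.0.0/0 across the peering.
$rt = New-AzRouteTable -ResourceGroupName $rg -Name 'rt-japan-default' -Location 'japaneast'
Add-AzRouteConfig -RouteTable $rt -Name 'default-via-rras' -AddressPrefix '0.0.0.0/0' `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp | Set-AzRouteTable | Out-Null
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $japanVnet
$sub  = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $japanSub
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $japanSub `
    -AddressPrefix $sub.AddressPrefix -RouteTable $rt | Set-AzVirtualNetwork | Out-Null

# --- Windows side (run on the East US RRAS VM; interface name and ranges are assumptions) ---
$if          = 'Ethernet'
$japanPrefix = '10.2.0.0'          # assumed Japan VNet address range
$japanMask   = '255.255.0.0'
$subnetGw    = '10.1.0.1'          # default gateway of the RRAS subnet, as shown by ipconfig

Install-WindowsFeature RemoteAccess, Routing -IncludeManagementTools | Out-Null
Install-RemoteAccess -VpnType RoutingOnly
# Static route back to the Japan VNet via the Azure subnet gateway (the route the answer
# adds in the RRAS console; the comment thread shows why it must use the US gateway).
netsh routing ip add persistentroute dest=$japanPrefix mask=$japanMask name="$if" nhop=$subnetGw
# NAT on the one NIC: mode=full translates source address and port, so internet replies
# return to the RRAS VM's own IP instead of to a Japan private IP the internet cannot reach.
netsh routing ip nat install
netsh routing ip nat add interface name="$if" mode=full
```

The NSGs on both subnets still have to permit the forwarded traffic in each direction, and if the RRAS private IP ever changes the 0.0.0.0/0 route points at nothing and the Japan VM loses internet exactly as described in the question.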