Multiple Point to Site VPN to one network

Gavin Stevens 21 Reputation points
2020-07-17T20:47:33.963+00:00

I have multiple customers that would like to access a private IaaS resource via a Point to Site VPN. The existing resource lives in a 10.1.0.0/16 VNET in a 10.1.0.0/24 Default subnet.

I want to allow multiple customers to use a VPN (P2S) client to connect to this resource.

It seems I can only have one subnet named "Gateway Subnet" in each VNET.

So, does each client need its own small VNET with a GatewaySubnet and VNET Peering to reach the VM?

What are my options here? Is there any reference architecture for this?

It seems I can only have one Gateway subnet in each VNET, so do I need to create a VNET / Gateway for each client and then use Peering to connect to the private VNET?

Thanks,
Gavin

Azure VPN Gateway

Accepted answer
  TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2020-07-17T23:05:15.767+00:00

    Although a VNET can only have 1 VPN Gateway, you can connect multiple devices via P2S VPN to that Gateway.

    To answer your question of what to do, you have 2 main options:

    1) Connect clients to the P2S VPN in your existing VNET. This is the easiest option.

    2) Have clients connect to other VNETs via P2S, and peer those VNETs with your existing VNET. You will not be able to have a VPN Gateway in your existing VNET in this scenario. Also, clients connected to different virtual networks will not be able to directly communicate with each other, so this will have better security.

    You might also be able to find a 3rd party NVA that can accomplish part of this.

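The two layouts in the accepted answer differ mainly in how the address space is carved up, and most of the mistakes people make here are address-plan mistakes: a subnet that is not named exactly GatewaySubnet, a client pool that overlaps the VNET the clients are supposed to reach (so their routes never work), or two peered VNETs with overlapping address spaces (Azure will not create the peering). The script below is an added example, not code from this thread or from Microsoft. It checks a plan for either option. The hub VNET 10.1.0.0/16 and its Default subnet 10.1.0.0/24 come from the question; the hub GatewaySubnet, the shared client pool for option 1, and the per-customer spoke VNETs and pools for option 2 are constructed assumptions.

```python
"""Address-plan checker for the two P2S layouts in the accepted answer.

Added example (not the thread's own code). Only 10.1.0.0/16 and 10.1.0.0/24
come from the question; every other prefix is a constructed assumption.
"""
from ipaddress import ip_network

# From the question.
HUB_VNET = "10.1.0.0/16"
HUB_DEFAULT = "10.1.0.0/24"

# Constructed assumptions for the example.
HUB_GATEWAY_SUBNET = "10.1.255.0/27"   # name is fixed by Azure: "GatewaySubnet"
SHARED_CLIENT_POOL = "172.16.0.0/24"   # option 1: every customer draws from this pool
SPOKES = {
    # customer: (spoke VNET, spoke GatewaySubnet, that spoke's own P2S client pool)
    "customerA": ("10.2.0.0/24", "10.2.0.224/27", "172.16.1.0/24"),
    "customerB": ("10.3.0.0/24", "10.3.0.224/27", "172.16.2.0/24"),
}


def overlapping_pairs(ranges):
    """ranges: name -> prefix string. Return (a, b) for every pair that overlaps."""
    nets = {name: ip_network(prefix) for name, prefix in ranges.items()}
    names = list(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def validate_vnet(name, vnet, subnets, needs_gateway):
    """Subnets must sit inside the VNET and not overlap each other. A VNET that
    will host a VPN gateway needs a subnet named exactly GatewaySubnet; Azure's
    documented recommendation is /27 or larger."""
    vnet_net = ip_network(vnet)
    subnet_nets = {s: ip_network(p) for s, p in subnets.items()}
    problems = [f"{name}: subnet {s} {p} is not inside {vnet_net}"
                for s, p in subnet_nets.items() if not p.subnet_of(vnet_net)]
    problems += [f"{name}: subnet {a} overlaps subnet {b}"
                 for a, b in overlapping_pairs(subnets)]
    gw = subnet_nets.get("GatewaySubnet")
    if needs_gateway and gw is None:
        problems.append(f"{name}: no subnet named GatewaySubnet, so it cannot host a VPN gateway")
    elif gw is not None and gw.prefixlen > 27:
        problems.append(f"{name}: GatewaySubnet {gw} is smaller than the recommended /27")
    return problems


def validate_option1(client_pool=SHARED_CLIENT_POOL):
    """Option 1: one VPN gateway in the hub. All customers' clients share one
    pool, so nothing in the address plan separates one customer from another."""
    problems = validate_vnet("hub", HUB_VNET,
                             {"Default": HUB_DEFAULT, "GatewaySubnet": HUB_GATEWAY_SUBNET},
                             needs_gateway=True)
    # Clients are routed into the VNET, so the pool must not overlap it.
    problems += [f"{a} overlaps {b}" for a, b in
                 overlapping_pairs({"P2S client pool": client_pool, "hub VNET": HUB_VNET})]
    return problems


def validate_option2(spokes=SPOKES):
    """Option 2: one spoke VNET per customer, each with its own gateway and pool,
    peered to the hub, which hosts no gateway itself. Peering needs non-overlapping
    VNET address spaces, and each pool must stay clear of every VNET it can reach."""
    problems = validate_vnet("hub", HUB_VNET, {"Default": HUB_DEFAULT}, needs_gateway=False)
    all_ranges = {"hub VNET": HUB_VNET}
    for customer, (vnet, gw_subnet, pool) in spokes.items():
        problems += validate_vnet(customer, vnet, {"GatewaySubnet": gw_subnet}, needs_gateway=True)
        all_ranges[f"{customer} VNET"] = vnet
        all_ranges[f"{customer} client pool"] = pool
    problems += [f"{a} overlaps {b}" for a, b in overlapping_pairs(all_ranges)]
    return problems


if __name__ == "__main__":
    for label, result in (("option 1", validate_option1()), ("option 2", validate_option2())):
        print(f"{label}: {'OK' if not result else result}")
    # A deliberately broken plan: a client pool carved out of the hub VNET itself.
    print("bad pool:", validate_option1("10.1.200.0/24"))
```

Run as a script it reports OK for both constructed plans and flags the deliberately bad pool. Feed it your real prefixes before you create any gateway: a VPN gateway takes a long time to provision, and a misnamed gateway subnet or an overlapping pool is only discovered at that point otherwise.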
