Azure Bastion with UDR VNet Peering override

Arjen Gerritsen 41 Reputation points
2022-09-16T12:04:54.607+00:00

Hi,

Azure Bastion works fine in peered virtual networks in a hub-and-spoke configuration, even with a User Defined Route (UDR) for the default route that sends traffic over a Network Virtual Appliance (NVA) acting as a firewall (UDR: 0.0.0.0/0 -> NVA). However, to control the traffic between spokes, the system route between peered networks must be overridden by another UDR that sends traffic to the firewall first, rather than directly to the peered network (UDR: SpokeVNET -> NVA). Once this override UDR is in place, Bastion no longer works between these (formerly) peered networks. Would there be a hidden private IP address space that needs to be added to the UDR in order to make this work?

[attached image: 241863-bastionissue.jpg]

Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.

Accepted answer
  1. msrini-MSFT 9,281 Reputation points Microsoft Employee
    2022-09-16T16:11:12.093+00:00

    Hi,

    I would suggest you add a longest-prefix match (instead of adding the entire address space of the VNet, try adding the exact subnet IP in the UDR) and check whether the connectivity works.

    If this doesn't work, drop an email to msrini@microsoft.com, and let's have a quick call to debug this further.

    Regards,
    Karthik Srinivas
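A worked illustration of the longest-prefix-match suggestion in the accepted answer, added here as an example; it is not code from the answer, the question, or Azure itself. The address plan (hub 10.0.0.0/16 with an AzureBastionSubnet of 10.0.255.0/26 and a workload subnet 10.0.1.0/24, spoke 10.1.0.0/16, NVA at 10.0.0.4) and all function names are constructed assumptions. The model reproduces how Azure selects a route for a packet leaving a spoke VM: the longest matching prefix wins, and among routes with the same prefix a user-defined route beats a system route. With a single UDR covering the whole hub address space, return traffic to the Bastion subnet is pulled to the NVA (and the NVA sees only one direction of the flow); with per-subnet UDRs that leave AzureBastionSubnet out, that traffic falls back to the VNet-peering system route and the rest of the hub is still inspected.

```python
import ipaddress

# Constructed address plan for this example (assumption, not from the thread).
HUB_VNET = "10.0.0.0/16"
HUB_BASTION_SUBNET = "10.0.255.0/26"   # AzureBastionSubnet in the hub
HUB_WORKLOAD_SUBNET = "10.0.1.0/24"    # an ordinary hub subnet behind the NVA
HUB_SUBNETS = [HUB_WORKLOAD_SUBNET, HUB_BASTION_SUBNET]
SPOKE_VNET = "10.1.0.0/16"
NVA_IP = "10.0.0.4"

# Tie-break between routes with the same prefix length (Azure: UDR > BGP > System).
SOURCE_RANK = {"UDR": 2, "BGP": 1, "System": 0}


def route(prefix, next_hop_type, source, next_hop=None):
    """One entry in the effective route table of a subnet/NIC."""
    return {"prefix": ipaddress.ip_network(prefix), "next_hop_type": next_hop_type,
            "next_hop": next_hop, "source": source}


def udr(prefix, next_hop_type, next_hop=None):
    return route(prefix, next_hop_type, "UDR", next_hop)


def system(prefix, next_hop_type):
    return route(prefix, next_hop_type, "System")


# System routes every spoke subnet gets: its own VNet, the peered hub, and Internet.
SPOKE_SYSTEM_ROUTES = [
    system(SPOKE_VNET, "VirtualNetwork"),
    system(HUB_VNET, "VNetPeering"),
    system("0.0.0.0/0", "Internet"),
]


def select_route(destination, routes):
    """Longest-prefix match with source rank as tie-breaker; None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r["prefix"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["prefix"].prefixlen, SOURCE_RANK[r["source"]]))


def next_hop_for(destination, user_routes):
    """(matched prefix, next-hop type) a spoke VM would use for `destination`."""
    chosen = select_route(destination, SPOKE_SYSTEM_ROUTES + user_routes)
    return (str(chosen["prefix"]), chosen["next_hop_type"])


def nva_routes_for_hub(hub_subnets, exclude, nva_ip):
    """Per-subnet UDRs towards the NVA for every hub subnet except the excluded ones.
    Being more specific than the /16 peering route is what steers the traffic; leaving
    AzureBastionSubnet out lets the peering system route keep that traffic."""
    excluded = {ipaddress.ip_network(p) for p in exclude}
    return [udr(s, "VirtualAppliance", nva_ip)
            for s in hub_subnets if ipaddress.ip_network(s) not in excluded]


# The route table from the question: default route plus the whole hub space to the NVA.
BROKEN_UDRS = [
    udr("0.0.0.0/0", "VirtualAppliance", NVA_IP),
    udr(HUB_VNET, "VirtualAppliance", NVA_IP),
]

# The answer's suggestion: default route plus exact hub subnets, Bastion subnet left out.
FIXED_UDRS = [udr("0.0.0.0/0", "VirtualAppliance", NVA_IP)] + \
    nva_routes_for_hub(HUB_SUBNETS, exclude=[HUB_BASTION_SUBNET], nva_ip=NVA_IP)


if __name__ == "__main__":
    bastion_host = "10.0.255.5"   # an address inside AzureBastionSubnet
    for label, table in (("whole-VNet UDR", BROKEN_UDRS), ("per-subnet UDRs", FIXED_UDRS)):
        print(f"{label}: reply to Bastion {bastion_host} -> {next_hop_for(bastion_host, table)}")
        print(f"{label}: hub workload 10.0.1.10 -> {next_hop_for('10.0.1.10', table)}")
        print(f"{label}: Internet 203.0.113.7 -> {next_hop_for('203.0.113.7', table)}")
```

In Azure the same check is available on the NIC's "Effective routes" view: the row that wins for the Bastion subnet address should be the /16 VNet peering system route, not the user-defined route to the NVA. The trade-off is that traffic between the spoke and the Bastion subnet bypasses the NVA; everything else in the hub is still forced through it.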

