How to advertise point to site address pool to on prem services

Question

We are looking to deploy autopilot in Azure and have point-to-site configuration enabled on a VPN Gateway.

The VNET that the VPN gateway is deployed is reachable from our on prem services via expressoute.

However the client point to site hosts are not able to reach the on prem services it needs to access to as the address

pool is not currently reachable. I was thinking to change the point to point address pool to a range within the VNET that VPN gateway is in but looks like that is not supported

For example Azure Supernet

10.138.128/19 > Reachable for On prem

VPN Gateway deployed into the vnet with point to site configuration with address pool : 10.220.220/24

When client clients to point to site it can currently reach the services it needs in Azure but not the on prem services it needs to complete auto pilot configuration

What is the best way to advertise the address pool client IP's so that it can reach the services it needs on prem

Answer 1

@Finbar Pimlott

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to use Azure as Transit between P2S Clients and OnPrem network.

Your case is documented here : One VNet and a branch office (BGP)

There are two requirements to be met here,

1. You must enable BGP for Azure VPN Gateway to Advertise the P2S address range to the OnPremise network
2. Manually add the OnPrem route to the P2S Client configuration file. (for Windows clients)

Advertise custom routes for P2S VPN clients:

• Via Portal
• By Modifying the XML File

Thanks,

Kapil

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.