Hub & Spoke network Architecture With Azure P2S VPN

Question

Hub & Spoke network Architecture With Azure P2S VPN

Abdullah Alattar 97

I 3 virtual network, 1 as Hub 2 as Spoke, in the Hub VNet i created VPN gateway(basic) with P2S configuration. I peered the 2 spoke networks with the Hub network and I enabled gateway transit for VNet peering. the Hub could communicate with both of the Spoke networks. I could communicate with Hub network via VPN. But I could not reach both of the spoke virtual networks via VPN. The current environment is as follow: On-premise-->Hub VNet ----> Spoke VNets.
Please advise.

risolis 8,741 Reputation points

2023-04-12T03:59:56.6833333+00:00
Hello @Abdullah Salem Thank you for posting this concern on this community space. I have read your whole case scenario description and I just wanted to ask few questions down below:

Is this a Site-to-Site VPN or Point-to-site VPN?

Did you check the route table from the VM's hosted on each Spoke Vnet where they are hosted?

Did you set up any NVA (Network Virtual Appliance on the HUB Vnet?

Did you set up a UDR (User Defined Route) to override the default routing behavior which is System Routes?

I hope that will be helpful for you. Looking forward to your feedback, Cheers, Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Abdullah Alattar 97 Reputation points

2023-04-12T06:14:09+00:00
It is point-to-site VPN.

i checked routing table on each VM,

i have not setup any NVA on the HUB Virtual network,

I have not setup UDR
KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2023-04-14T05:03:54.77+00:00

@Abdullah Alattar

Reaching out to check if there are any questions on this.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how

Accepted answer

1 additional answer

Your answer

risolis 8,741 Reputation points

2023-04-12T03:59:56.6833333+00:00

Hello @Abdullah Salem Thank you for posting this concern on this community space. I have read your whole case scenario description and I just wanted to ask few questions down below:

Is this a Site-to-Site VPN or Point-to-site VPN?

Did you check the route table from the VM's hosted on each Spoke Vnet where they are hosted?

Did you set up any NVA (Network Virtual Appliance on the HUB Vnet?

Did you set up a UDR (User Defined Route) to override the default routing behavior which is System Routes?

I hope that will be helpful for you. Looking forward to your feedback, Cheers, Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Abdullah Alattar 97 Reputation points

2023-04-12T06:14:09+00:00

It is point-to-site VPN.

i checked routing table on each VM,

i have not setup any NVA on the HUB Virtual network,

I have not setup UDR
KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2023-04-14T05:03:54.77+00:00

@Abdullah Alattar

Reaching out to check if there are any questions on this.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how

Answer 1

KapilAnanth-MSFT 49,616 Microsoft Employee Moderator

@Abdullah Alattar Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well. I understand that you would like to establish communication between Spoke VNets and the OnPrem via the Hub VNet. Can you please confirm if you have enabled VPN gateway transit for virtual network peering

Make sure you check Use this virtual network's gateway or Route Server in the peering from HubVnet side
And, check Use the remote virtual network's gateway or Route Server in the peering from SpokeVnet side
From the VMs of the SpokeVnet's subnet, kindly make sure you do not have any route table attached

Thanks, Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Abdullah Alattar 97 Reputation points

2023-04-12T06:12:11.33+00:00

Yes I have enabled VPN gateway transit for virtual network peering
KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2023-04-12T06:49:02.48+00:00
Hi @Abdullah Salem Can you please elaborate more on what you mean by On-premise-->Hub VNet ----> Spoke VNets By "On-premise", do you mean the remote servers connected via P2S? Your requirement is documented here and should be feasible.

Did you create the Peering after downloading the P2SVPNClientConfiguration File?

If so, can you redownload it and try using the new configuration file?
Abdullah Alattar 97 Reputation points

2023-04-12T23:32:26.7033333+00:00

I redownload the Configuration file for P2S VPN and it is working now.
KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2023-04-13T06:47:56.92+00:00

Hi @Abdullah Salem

I am glad the issue is now resolved.

We noticed you have took part in a survey for this answer. Now that the issue is resolved, may I request you to Accept the answer and retake the survey.

The survey we are taking is testimony of our team providing timely attention to reported issue and partnering with customer to ensure their voice reaches the engineering team to improve the product.

Thanks for your continued contribution on Q&A and appreciate much for taking the time to share your feedback.

Cheers, Kapil

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Share via

Hub & Spoke network Architecture With Azure P2S VPN

1 additional answer

Your answer