How does Azure route traffic to public Internet in present of Azure virtual network gateway ?

Question

I have Azure Virtual Network Gateway that have S2S connection with on premises, on the same vnet as VPN gateway i have virtual machine on different subnet.

if my Azure VM wants to reach public internet does the traffic route via VPN gateway or it takes different route ?

Answer 1

Hello Abdullah,

Virtual Network Gateway is only designed to handle traffic beetween on-prem and your azure networks, and is not involved in routing traffic to internet by default.

If the virtual machine has public IP it will use it by default as outbound otherwise it will take a different route through the Azure backbone network and out to the public internet from a dynamic public ip owned by Microsoft.

It is possible to configure Azure User-Defined Routing (UDR) to force all or specific traffic from the Azure virtual machine to be routed through the VPN gateway. With UDR, you can create routing rules that dictate how traffic is routed within an Azure virtual network. For example, you can create a UDR rule that directs all traffic from the Azure VM to a specific IP address range through the VPN gateway.

On the S2S Connection it's also a good idea to implement Traffic policy selectors that are used to match traffic based on source IP address, destination IP address, or protocol .

If this helped please mark the answer as accepted to help others find this topic.

Regards